Is there any way to keep developer token hidden from user view #4
Comments
|
Unfortunately, as far as I can tell there is no good way to keep the developer token hidden (though I would love to be proven wrong about this). This does mean your token could be exploited, so I would think your best bet would be setting the |
|
Thank you, that is really unfortunate and pity that Apple cannot design
properly own APIs
…On Mon, Jan 4, 2021 at 9:34 PM Kole Myers ***@***.***> wrote:
Unfortunately, as far as I can tell there is no good way to keep the
developer token hidden (though I would love to be proven wrong about this).
This does mean your token could be exploited, so I would think your best
bet would be setting the expiresIn to a relatively short amount of time
and more strictly limiting how often users can generate tokens. Maybe
limiting by ip, or user if you have your own authentication.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEQPFV3L6NTUIRUMCFQNL3SYIQ35ANCNFSM4TJD2ZBQ>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Especially when we share web server publicly.
The text was updated successfully, but these errors were encountered: