Allow bots to reset their own bot token
Add an API feature which can be called to reset a bot's token and which returns the new token and invalidates the old one.
-14
-
This would.. kill the session resetting the token, and would be incredibly insecure
Say a token gets leaked and one person then uses this to reset it, main bot gets 401's now, and that old token is invalid, so they can freely make chaos while everyone just thinks the bot is dead, and while the bot is just getting spammed with 401 errors
1 -
This can be done by forcing 1000 login attempts in a day 0 -
Why would you need this?
0 -
I can understand some very small situations where this could be useful but those very small situations are the result of the developer not being careful in the first place.
Better solution! Protect your token! This just feels like a way to periodically generate new tokens for security but you shouldn't need to do that.0
Войдите в службу, чтобы оставить комментарий.
Комментарии
Комментариев: 4