{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 太酷不给撩 的问题《Is an OAuth 2.0 token forever unique to the provid》','https://www.manongdao.com/q-884161.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
When an OAuth 2.0 provider issues a token, is that token value forever unique to the provider? Or is it possible that sometime in the future, presumably after the token expires, another token, potentially for a different user, could be issued with the same value? In searching I found much information about tokens expiring, but no details about if that token value could potentially be re-used in the future.
相关问题
- How to verify laravel passport api token in node /
- Obtaining Refresh Token from lepture/Authlib throu
- YouTube API refresh token revoked with 400 code “i
- Azure AD OAuth client credentials grant flow with
- Authenticating to Google Cloud Endpoints as iOS ap
相关文章
- ASP.NET MVC 后台 + 微信小程序
- How to use ALTER TABLE to add a new column and mak
- Why is redirect_uri required on Access Token reque
- Android Studio - Get Firebase token from GetIdToke
- Django REST Framework - OAuth2 Consumer API from e
- Google OAuth 2.0 User id datatype for MYSQL
- Google OAuth 2: response_type error on token reque
- Google OAuth 2 redirect_uri_mismatch - OmniAuth Ra
There's nothing in the core OAuth 2 spec that guarantees this. It is implementation specific if there is a chance of collision or not. You should find out from your OAuth AS provider what the likelihood is. But agreed with Artem - this sounds odd if you are trying to uniquely identify users based on what is suppose to be just an API (access) token.
If you use something like UUID - it's time dependent and unique - so you should NOT make them reusable. Taking in account that you'll generate tokens in different instants of time - they all will be different.