Steemconnect session is maintained even when password is changed externally
Closed this issue · 2 comments
economicstudio commented
I've changed my master password on Steemit.com, but Steemconnect session was maintained. For instance, I can still use Busy.org (which uses Steemconnect for login session) without re-login. This would be vulnerable when password is actually hacked. All session should be expired with password change.
economicstudio commented
bonustrack commented
This is solved on the new version of steemconnect at https://beta.steemconnect.com/ . Access tokens are now created on front-end by signing a message with user Steem account key, if the user change his key the access_token will not be pass the validation anymore on SteemConnect API. Feel free to open another issue if you still having issue.