You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
---
|
|
|
|
type: module
|
|
|
|
---
|
|
|
|
|
|
|
|
### Device Management
|
|
|
|
|
|
|
|
This module provides a means for a user to manage their [devices](/#devices).
|
|
|
|
|
|
|
|
#### Client behaviour
|
|
|
|
|
|
|
|
Clients that implement this module should offer the user a list of
|
|
|
|
registered devices, as well as the means to update their display names.
|
|
|
|
Clients should also allow users to delete disused devices.
|
|
|
|
|
|
|
|
{{% http-api spec="client-server" api="device_management" %}}
|
|
|
|
|
|
|
|
#### Security considerations
|
|
|
|
|
|
|
|
Deleting devices has security implications: it invalidates the
|
|
|
|
access\_token assigned to the device, so an attacker could use it to log
|
|
|
|
out the real user (and do it repeatedly every time the real user tries
|
|
|
|
to log in to block the attacker). Servers should require additional
|
|
|
|
authentication beyond the access token when deleting devices (for
|
|
|
|
example, requiring that the user resubmit their password).
|
|
|
|
|
|
|
|
The display names of devices are publicly visible. Clients should
|
|
|
|
consider advising the user of this.
|