![]() The vision was that the app secrets would be made available to apps out-of-band and not passed in the install payload at all. Our initial approach to solving this problem was to move to a per-app secret model where an app would have the same secret for every installation. We had long wanted to address the problem of the unsigned initial install, as it remained a weakness of the installation process. This included any subsequent installs, even where those installs changed the app secret. ![]() The initial installation of an app would be unsigned and contain the secret for all future interactions, which would be signed. Historically, Connect used a different secret for an app in every installation (unique secret per-tenant/per-app secret model). ![]() After some time using a per-app secret model, Connect will be returning to a per-installation secret model.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |