-
Bug
-
Resolution: Done
-
Medium
-
None
-
None
-
S23 SIMPLY Nov1-Nov15
-
0
Currently the library registry resets a library's shared secret every time it's used. This is extremely secure but it has a huge cost. When a library's shared secret is reset, all Short Client Tokens issued before the reset are invalidated. This means that for up to an hour, people who were using SimplyE when the reset happened will not be able to get Adobe IDs.
It's very unlikely that a library's shared secret will be compromised, so it doesn't need to be reset every time – we can change things so it's only reset if the library asks for it to be reset.