This topic contains 6 replies, has 4 voices, and was last updated by  MartinNup 7 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #815 Reply

    Ded
    Participant

    Lets face it. Most of your users are coming from Clef and we’re used to seamless login on previously used devices.

    Could you add it so previously used devices dont have to authorize and you could revoke the authorization with the app?

    Thanks 😀

    #818 Reply
    MyID Support
    MyID Support
    Keymaster

    Hi Ded

    Thank you for your question.

    When RapID-SL authenticates, it simply authorises a WordPress logon directly with a cryptographic signature that the plugin verifies directly. Unlike Clef, there is no reliance on an external authentication service, which improves privacy and reliability.

    Once the RapID-SL user has authenticated and logged in to the site, they are then under the ‘session time out’ control of the individual WordPress site.

    We appreciate that it would be useful for the user to revoke a session from within the app. This is a great suggestion and something we will seriously consider.

    Thanks again

    #820 Reply

    Ded
    Participant

    Alright, thanks for adding revokable sessions to the roadmap 🙂

    Is there any way how I can control the logout on WordPress?

    #821 Reply

    Ded
    Participant

    Or I had another idea how to implement it. Once a PC authenticates it gets a cookie for the UserID. If you want to login on another website using RapID it doesnt ask for the login 🙂

    #823 Reply

    Chris
    Moderator

    Hi Ded,
    I don’t think that using its own cookies would work unfortunately – cookies are locked to a specific website and, to preserve privacy and avoid a single point of vulnerability, RapID uses a different authenticator for each site. (i.e. each site only trusts certificates issued by itself and the app has a secret key and certificate for every site you enrol).
    WordPress uses cookies for each site to track the current session, but it can be quite complex to change reliably. Best to try one of the numerous plugins that purport to manage session duration for your site. Just search for ‘session timeout’ for example. I’ve not tried any of these myself though.

    #827 Reply

    Ded
    Participant

    Thanks for the clarification, its helpful 🙂

    #1151 Reply

    MartinNup
    This reply has been marked as private.
Viewing 7 posts - 1 through 7 (of 7 total)
Reply To: Remember devices?
Your information: