This project is not covered by Drupal’s security advisory policy.
This module adds a token authentication method for the Services 3.x branch.
When adding this authentication method to an endpoint you can choose what roles will get a token and users then can get their token on their profile page.
The token is sent by passing it in a header value called 'authorization'. The module finds the user with that token and then sets that user as the user the services call will be executed as.
Because (honestly) tokens really aren't secure unless used over SSL, there is an option to not let the token work if the user doesn't pass it over SSL. On production systems you can also enable the 'paranoia' option. What this does is change a user's token if they try to use it over a non-SSL connection--just in case it gets picked up by some malicious 3rd party.
Project information
- Project categories: Developer tools, Access control
- Created by soyarma on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
