Back to oDesk.com » Love the way you work.

Welcome to the oDesk Community! Connect here with fellow clients, contractors, and oDesk staff. Please review our Usage Policy.

another user can use active keys generated by a user!!

Hi,

I have created token keys and get the teamroom data by clicking "Authorize access".
But on another browser, I can get the teamroom data for different user, though the key
was not created by that user. It should not be happen.

Vote Result

----------
Score: 0.0, Votes: 0
You have created an

You have created an application(!) key that is designed to be used by any oDesk user, what means that a key is associated with app, but not with a concret user/developer who had created it. What means, that this app can be used by any user who authorizes the app.

Please read more about authentication and authorization process here

Note: that app key is a public part of your application, at the same time you ought not to share secret key that is used to sign request.