- If the app provides users access to a remote service, some form of authentication, such as username/password authentication, is performed at the remote endpoint.
- If stateful session management is used, the remote endpoint uses randomly generated session identifiers to authenticate client requests without sending the user's credentials.
- If stateless token-based authentication is used, the server provides a token that has been signed using a secure algorithm.
- The remote endpoint terminates the existing session when the user logs out.
- A password policy exists and is enforced at the remote endpoint.
- The remote endpoint implements a mechanism to protect against the submission of credentials an excessive number of times.
- Sessions are invalidated at the remote endpoint after a predefined period of inactivity and access tokens expire.
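
The stateful-session requirements above (random session identifiers, logout, throttling of credential submissions, inactivity timeout) can be sketched as a single server-side store. This is an added example, not code from the project; the class name `SessionStore`, the `check_password` callback and the three policy constants are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60   # assumed policy: seconds of inactivity before expiry
MAX_FAILURES = 5         # assumed policy: failed logins tolerated per window
LOCK_WINDOW = 10 * 60    # assumed policy: seconds over which failures count


class SessionStore:
    """Server-side session state; the client only ever holds an opaque ID."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password   # hypothetical callable(user, password) -> bool
        self._clock = clock            # injectable so timeouts can be tested
        self._sessions = {}            # session id -> [user, last_seen]
        self._failures = {}            # user -> timestamps of failed logins

    def login(self, user, password):
        now = self._clock()
        recent = [t for t in self._failures.get(user, []) if now - t < LOCK_WINDOW]
        self._failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            return None                # throttled: credentials are not even checked
        if not self._check(user, password):
            recent.append(now)
            return None
        self._failures.pop(user, None)
        sid = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        self._sessions[sid] = [user, now]
        return sid                     # later requests carry this, not the password

    def authenticate(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry[1] > IDLE_TIMEOUT:
            del self._sessions[sid]    # inactivity timeout enforced at the endpoint
            return None
        entry[1] = now                 # activity renews the idle window
        return entry[0]

    def logout(self, sid):
        self._sessions.pop(sid, None)  # the ID is dead even if the client keeps it
```

Throttling here is keyed on the username only, so repeated failures also delay the legitimate user until the window passes.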