Embedded view can create token
Yes, that's correct.
okay.
shouldn't expact that when it's a read-only user.
Thanks
Token is not stored anywhere, so readonly users can generate it.
Seems strange that a guest user (via token) has permission to create new tokens while also being able to set their own expiry date.
I guess my next step is to find out how to revoke tokens, sounds difficult it they're not saved.
I just checked this. If I create a token and it has an expiration date for three days out. Can the read only user generate a token that will work past that date?
It should be easy to check.
Hi,
I have just installed 5.6 and working well.
I have added a user with readonly rights for my embedded view.
But i can see that the readonly user can create a new token. Should that be right?