Ok thanks for that. Sounds like I need to do something on the OAuth api side to basically map an access token to a domain, as right now a token will work despite the domain it's coming from. Thanks for your help.
On Tuesday, 9 June 2015 14:44:30 UTC+1, Sander Elias wrote: > > Hi Callum, > > No, the token only works for your application if you set up the system > correctly. So, anyone can grab the token, but it should not work, only when > they are operating under your domain name. > The website requesting access is encoded in the token. While not 100% > safe, it is not as easy to fool as you seem to think. > > Regards > Sander > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
