I am a developer with a passion for testing. I've been coding for 14 years and I want to share my experience and learnings with other developers to help them write better software.
The expiry should be relatively short, I would say minutes. You should also create a way for you to update tokens as Facebook does. Facebook tokens last for about 60 minutes and if you want to continue making requests after 60 minutes you have to trade the current token for a new token before the current token expires.
The issue identifier is the application that creates the token, not the application or user who asks for the token.
eg
User 1 asks for a token
Website A creates and returns the token to User 1.
In this scenario the issue identifier would be "Website A"
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
The expiry should be relatively short, I would say minutes. You should also create a way for you to update tokens as Facebook does. Facebook tokens last for about 60 minutes and if you want to continue making requests after 60 minutes you have to trade the current token for a new token before the current token expires.
The issue identifier is the application that creates the token, not the application or user who asks for the token.
eg
User 1 asks for a token
Website A creates and returns the token to User 1.
In this scenario the issue identifier would be "Website A"