How about session hijacking? Can't attackers still use valid tokens even if the end user´s latch is closed?

That depends on how your service is integrated with Latch. The most commonly described scenario is authentication, when your service only communicates with Latch at the moment of checking credentials. However, you can make calls to Latch at any point in your authorization architecture, when you believe a critical operation is being performed.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk