Forum Discussion
Token replay question
I had a case of a user being phished and their token being used in a replay attack. The replay appeared in the sign in logs from a different IP address to the "true" users IP. I then saw activity o...
I haven't tested this recently, but this was indeed the case back when I last played with this. It's embedded as part of the access token ("ipaddr" claim).
Ok so the initial authentication the user is tricked into performing shows the attackers IP?