V
V
Vadim Ivanenko2015-10-09 14:18:50
RESTful API
Vadim Ivanenko, 2015-10-09 14:18:50

How to generate and store tokens for Token-based authentication (stateless)?

Чем должен быть токен?
Возможна ли такая реализация:
Таблица Users(Id, Email, PasswordHash)
1 : M
Таблица Tokens(Id, Salt, ExpiredIn, UserId).
Токен формируется на основе Encrypt(User.Email + User.PasswordHash + Token.Salt) = tokenValue.
Пользователю, в ответ на Email/пароль, возвращается {tokenValue, tokenId, expiredIn}.
При каждом запросе к защищенному ресурсу, мы получаем от пользователя tokenId, tokenValue.
Выполняем еще раз метод Encrypt над данными в БД, сравниваем с пришедшим tokenValue и проверяем ExpiredIn.
This will simplify the authentication logic a bit - you don't have to worry about deleting tokens when changing credentials(email, password). Changed credentials from one device - on all other tokens are already invalid.
Or store the token in the database as a random hash generated when entering the Email/password, but not containing the encrypted Email/password?

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question