Answer the question
In order to leave comments, you need to log in
How to generate and store tokens for Token-based authentication (stateless)?
Чем должен быть токен?
Возможна ли такая реализация:
Таблица Users(Id, Email, PasswordHash)
1 : M
Таблица Tokens(Id, Salt, ExpiredIn, UserId).
Токен формируется на основе Encrypt(User.Email + User.PasswordHash + Token.Salt) = tokenValue.
Пользователю, в ответ на Email/пароль, возвращается {tokenValue, tokenId, expiredIn}.
При каждом запросе к защищенному ресурсу, мы получаем от пользователя tokenId, tokenValue.
Выполняем еще раз метод Encrypt над данными в БД, сравниваем с пришедшим tokenValue и проверяем ExpiredIn.
This will simplify the authentication logic a bit - you don't have to worry about deleting tokens when changing credentials(email, password). Changed credentials from one device - on all other tokens are already invalid.
Or store the token in the database as a random hash generated when entering the Email/password, but not containing the encrypted Email/password?
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question