Node.js
Vladimir Golub, 2020-01-29 17:55:00

What is the best use for authentication if user data can change at any time?

Currently using jsonwebtoken and bcrypt. After checking the login and password, I give each user a token and put it in cookies (session lifetime is 1 day). A task came up: it must be possible to block a user. What strategy should I choose in this case? Put the user id in the token and query the database on every request to get the information, or keep a blacklist of tokens? But again, the database will have to be cleared and a request made each time. Maybe there is a better solution?


1 answer(s)
ettychel, 2020-02-12
@ettychel

Well, first: the access token has a very long lifetime. Set it to at least 2 hours.
Second: try using a ready-made solution in the form of an authentication server; you won't have to bother with tokens and their validation, and in general everything will become much easier. This server can also authorize, and in general the functionality is huge. It has all the models for issuing access rights and for connecting other identity providers; in general, study it and enjoy using it.
P.S. About a year ago I was looking for the best way to implement authentication and authorization at home, and Ivan Shumov suggested which direction to go; since then I have been using it and enjoying it)
P.P.S. In the first stages of getting acquainted with the tool, there is a sharp exacerbation of baldness))
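
The two options raised in the question (a database lookup on every request, or a blacklist that has to be cleaned) can be combined into a block list that cleans itself. The sketch below is an added example, not code from either post: it verifies an HS256 token with Node's built-in `crypto` and keeps a blocked user's entry only as long as a token issued before the block could still be valid. All function names, the secret, the 2-hour lifetime and the in-memory `Map` (which would be a shared cache when several processes serve requests) are assumptions.

```javascript
// Added example (hypothetical names): HS256 token check plus a self-pruning block list.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value; load the real key from config
const TOKEN_TTL = 2 * 60 * 60;            // access token lifetime in seconds (assumed)
const blockedUntil = new Map();           // userId -> time when the entry may be dropped

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const unb64 = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const sign = (data) => crypto.createHmac("sha256", SECRET).update(data).digest("base64url");

function issueToken(userId, now) {
  const claims = { sub: userId, iat: now, exp: now + TOKEN_TTL };
  const body = b64({ alg: "HS256", typ: "JWT" }) + "." + b64(claims);
  return body + "." + sign(body);
}

// The entry only has to outlive tokens issued before the block, because the
// login route is assumed to check the database and refuse blocked users.
function blockUser(userId, now) {
  blockedUntil.set(userId, now + TOKEN_TTL);
}

// Drop entries whose tokens have all expired; returns how many entries remain.
function pruneBlockList(now) {
  for (const [id, until] of blockedUntil) if (until <= now) blockedUntil.delete(id);
  return blockedUntil.size;
}

function verifyToken(token, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(sign(parts[0] + "." + parts[1]));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  let header, claims;
  try { header = unb64(parts[0]); claims = unb64(parts[1]); }
  catch { return { ok: false, reason: "malformed" }; }
  if (header.alg !== "HS256") return { ok: false, reason: "bad alg" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  // Memory lookup instead of a database query on every request.
  if ((blockedUntil.get(claims.sub) ?? 0) > now) return { ok: false, reason: "blocked" };
  return { ok: true, userId: claims.sub };
}
```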
