Why is it customary to number Bearer token like this?

R

Romi2021-10-24 12:07:53

API

Romi, 2021-10-24 12:07:53

In this example, 57|PkWbJf1KeuHJYyv16teE20VQ5SV265bbIqo9CQrA - '57' is the token number.

Many engines use a similar format. Or even like this:

'Bearer 57|PkWbJf1KeuHJYyv16teE20VQ5SV265bbIqo9CQrA'

What is the practical meaning of this?

Indeed, from the context it is already clear that this is a Bearer token, and why pass the serial number of the token is a mystery to me.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

Romi, 2021-10-24
@romicohen

...the only thing that came to my mind was to make an index in the database by 'PkWbJf1KeuHJYyv16teE20VQ5SV265bbIqo9CQrA' - that's something like that :) yes, get by id and then just compare with the token - this should be noticeably faster with a large number of records than doing where ('token','PkWbJf1KeuHJYyv16teE20VQ5SV265bbIqo9CQrA'). Perhaps this is the answer.

B

Barmunk, 2021-10-24
@Barmunk

For example, in Laravel sanctum this number is the id in the token table.
Based on this, you can write a method for searching for a model instance by token.

public static function findToken($token)
    {
        if (strpos($token, '|') === false) {
            return static::where('token', hash('sha256', $token))->first();
        }

        [$id, $token] = explode('|', $token, 2);

        if ($instance = static::find($id)) {
            return hash_equals($instance->token, hash('sha256', $token)) ? $instance : null;
        }
    }

https://github.com/laravel/sanctum/blob/2.x/src/Pe...