Add extra information in token #56
Comments
No, this isn't currently supported. Adding this feature would require:
This raises the question of serializing to bytes in a cryptographically secure way arbitrary Python objects. AFAIK Generally speaking:
So I'm not sure I want to move forwards with this.
I think part of this was inspired by jwt. jwt can store arbitrary pieces of information. e.g.
I see. I'm not sure I'm willing to develop as much attack surface as JWT ;-)
I think #60 will help you do what you want. Make one scope per transaction e.g.
Thanks for the package!
I'm trying to more securely create magic links. Say we want to send emails where users can approve a purchase. Right now we can generate a token
But if a motivated attacker wanted, they could submit another pending transaction, 59. And
If we could add the transaction id in the token, the api could unpack and apply the operation.
Is this already supported?
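
The scope-per-transaction idea from the comments, shown as an added example that is not part of the original thread and is not the project's own code: a standard-library HMAC token bound to a scope string, so a link issued for one transaction fails verification for any other. The names `make_token`, `check_token` and `approve_scope`, the key and the one-hour expiry are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
MAX_AGE = 3600                        # assumption: links expire after one hour


def _tag(user_id: int, scope: str, issued_at: int) -> str:
    # Length-prefix the scope so field boundaries in the MAC input are
    # unambiguous and one (user, time, scope) triple cannot alias another.
    scope_bytes = scope.encode()
    msg = b"%d|%d|%d|%s" % (user_id, issued_at, len(scope_bytes), scope_bytes)
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(user_id: int, scope: str, now: Optional[int] = None) -> str:
    """Issue a token that is valid only for this user and this scope."""
    issued_at = int(time.time()) if now is None else now
    return f"{user_id}.{issued_at}.{_tag(user_id, scope, issued_at)}"


def check_token(token: str, scope: str, now: Optional[int] = None) -> Optional[int]:
    """Return the user id if the token is valid for `scope`, else None."""
    now = int(time.time()) if now is None else now
    try:
        user_part, time_part, tag = token.split(".")
        user_id, issued_at = int(user_part), int(time_part)
        tag_bytes = tag.encode("ascii")
    except ValueError:
        return None  # malformed token
    if not 0 <= now - issued_at <= MAX_AGE:
        return None  # expired, or issued in the future
    expected = _tag(user_id, scope, issued_at).encode("ascii")
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(tag_bytes, expected):
        return None
    return user_id


def approve_scope(transaction_id: int) -> str:
    # The scope is never read from the token. The endpoint derives it from
    # the transaction it is about to approve, so the client cannot choose it.
    return f"approve-transaction:{transaction_id}"
```

The token carries no transaction id at all; the binding comes from the verifier recomputing the MAC with the scope of the transaction named in the request.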