You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice if the sign method actually returned an object with the token string as a property and the expire date time and other values. I need to add it to a database so I can verify it is a valid token so I now end up having to verify the token right after signing it so I can load them into a database.
I know this is a requirement but it is for our security to still verify the key when it comes back. I hope to eventually take this out once JWT is more solid and excepted. Any help on convincing management on this would be great as well.
The text was updated successfully, but these errors were encountered:
it doesn't make sense. You can use jwt.verify first, if it's correct, then you can query you db to find if this token exists in your db. All the properties generated by jwt in token are not necessary for you.
We are doing it to make sure nothing funny happens. We don't have to query for everything but we still store a token id and expire in the DB that gets cleaned up once it expires. This also allows use to invalidate the token if the users permissions change.
Actually maybe you are right if I set the timeout then I could just infer it....hmmm
It would be nice if the sign method actually returned an object with the token string as a property and the expire date time and other values. I need to add it to a database so I can verify it is a valid token so I now end up having to verify the token right after signing it so I can load them into a database.
I know this is a requirement but it is for our security to still verify the key when it comes back. I hope to eventually take this out once JWT is more solid and excepted. Any help on convincing management on this would be great as well.
The text was updated successfully, but these errors were encountered: