Sign method should return object instead of string #82
Comments
|
it doesn't make sense. You can use jwt.verify first, if it's correct, then you can query you db to find if this token exists in your db. All the properties generated by jwt in token are not necessary for you. |
|
We are doing it to make sure nothing funny happens. We don't have to query for everything but we still store a token id and expire in the DB that gets cleaned up once it expires. This also allows use to invalidate the token if the users permissions change. Actually maybe you are right if I set the timeout then I could just infer it....hmmm |
|
I will close some old issues, let me know if you are still interested in discussing your approach. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be nice if the sign method actually returned an object with the token string as a property and the expire date time and other values. I need to add it to a database so I can verify it is a valid token so I now end up having to verify the token right after signing it so I can load them into a database.
I know this is a requirement but it is for our security to still verify the key when it comes back. I hope to eventually take this out once JWT is more solid and excepted. Any help on convincing management on this would be great as well.
The text was updated successfully, but these errors were encountered: