Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RSA token secret #309

Closed
lontongcorp opened this Issue Oct 12, 2016 · 2 comments

Comments

Projects
None yet
4 participants
@lontongcorp
Copy link

lontongcorp commented Oct 12, 2016

Moved from main repo feathersjs/feathers#423

Using node-rsa, export it to keyfile, as default token secret rather than hardcode it in config file will be better option I think. Reduce unnecessary steps to create new (good) token, production ready, and rotating it in every x days/wk/mo will make it more secure.

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Oct 12, 2016

Rotating the token secret will invalidate all existing token, but after we implement real refresh token support it won't really be an issue.

@marshallswain marshallswain changed the title RSA token RSA token secret Oct 16, 2016

@ekryski ekryski added the Feature label Dec 30, 2016

@ekryski ekryski added this to the 2.0 milestone Dec 30, 2016

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Feb 9, 2017

The new generator has a secret generator (see https://github.com/feathersjs/generator-feathers/blob/master/generators/secret/index.js) which I think is all we'll do for now.

@daffl daffl closed this Feb 9, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.