Use more secure JWTs for password reset and email verification #687

Closed
tibetsprague opened this issue Oct 6, 2021 · 2 comments
@tibetsprague
Contributor

Add auth by JWT for password reset and email verification:

  • tokens expire after a few hours

@tibetsprague
Contributor Author

But then we need a session created for the user too. How does that work?

@lorenjohnson
Member

lorenjohnson commented Oct 21, 2021

Just a note about Mobile, cookies, and JWT--wanted to put this somewhere and this ticket seems as good as any for the moment:

While our cookie-based setup in mobile basically just works now, it's problematic by definition. I think some of the issues with cookies in the native environment are the root cause of some remaining socket connection inconsistency issues which I'm currently trying to get to the bottom of.

I'm not any more certain than you about JWT being the final solution, but it would definitely be a solid basis for ironing things out on mobile.

Here are the gory details of the state of cookie-based auth / sessions in React Native:

facebook/react-native#23185

Sorry that this is still somewhat nebulous and inconclusive. If we don't end up on JWT auth right away things will still work ok on mobile, so just take this note as confirmation that there may be reasons--at least in mobile--to keep looking to full access with JWTs...
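The request at the top of this issue (JWTs for password reset and email verification that expire after a few hours), sketched as an added example that is not part of the thread or the project's code. The function names, the `purpose` claim, its two labels and the three-hour lifetime are assumptions chosen for illustration.

```javascript
// Added example, not Hylo's code. Names, claim layout and TTL are assumptions.
const crypto = require('crypto');

const TTL_SECONDS = 3 * 60 * 60; // assumed value for "a few hours"
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const parse = (part) => {
  try { return JSON.parse(Buffer.from(part, 'base64url').toString('utf8')); }
  catch (err) { return null; }
};

// purpose is 'password_reset' or 'email_verification' (hypothetical labels).
function issueToken(key, userId, purpose, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { sub: String(userId), purpose, iat: now, exp: now + TTL_SECONDS };
  const body = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${b64url(hmac(key, body))}`;
}

// Returns the claims, or null on any failure so callers cannot tell which check failed.
function verifyToken(key, token, expectedPurpose, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;

  // Pin the algorithm on the server; a token must not pick its own (e.g. "none").
  const head = parse(header);
  if (!head || head.alg !== 'HS256') return null;

  // Check the signature before trusting any claim, in constant time.
  const expected = hmac(key, `${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;

  const claims = parse(payload);
  if (!claims || typeof claims.exp !== 'number' || now >= claims.exp) return null;
  // A reset token must not verify an email, and vice versa.
  if (claims.purpose !== expectedPurpose) return null;
  return claims;
}
```

Expiry alone does not make a reset link single-use: the token keeps verifying until `exp` unless the server also records that it was consumed.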
