Add the ability to store the token in the database/redis #100
Comments
|
In my opinion, this functionality does not need to be included in the library. You ca create a database table that contains all your tokens with the different claims. To do this, you need to change your login an refresh methods. If you want to unauthorize specific token, you can blacklist them. The functionality to blacklist tokens is implemented in this library. |
|
The main cause for JWT is that it shouldn't be stored anywhere, but validated using cryptographic algorithms |
|
I believe this issue should be not forwarded as peer @eschricker advised with @leon0399. If you think should keep this request open feel free to open the issue again with more details and why should be added to the library. |
|
I understand if that is the direction the developers want to go.. |
|
I think what you're looking for might a more feature-full implementation like https://laravel.com/docs/8.x/sanctum |
|
Exactly what I settled on. thanks |
This feature will be possible after #71 |
Summary
On sites with filesystems like Heroku, the file storage of generated files flushed every restart and at least every 24 hours.
For images ie user profile pic, AWS or other is suggested.
But for authentication I'd like to use the database or redis if needed to scale.
Each user may have multiple devices and therefor multiple rows in the token table.
For example token_id, token (hashed) user_id, device_id, device_name, platform
We would like to present a list of devices to the user and let them choose to unauthorize them.
The text was updated successfully, but these errors were encountered: