Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth token should be encypted #25

Open
rjrodger opened this issue Jul 13, 2015 · 3 comments
Open

auth token should be encypted #25

rjrodger opened this issue Jul 13, 2015 · 3 comments
Assignees
@mirceaalexandru

Comments

@rjrodger
Copy link
Collaborator

this is more secure
mirceaalexandru added a commit that referenced this issue Aug 25, 2015
@mirceaalexandru
use external module for extending the auth token encrypt/decrypt oper…
5c31d32 
…ation. See #25
mirceaalexandru added a commit that referenced this issue Aug 25, 2015
@mirceaalexandru
revert auth-token-plain changes. See #25
d85139d
@mirceaalexandru
Copy link
Collaborator

This should be done by seneca-user not by seneca-auth

@AdrieanKhisbe
Copy link
Contributor

$ touch

@indr
Copy link
Contributor

indr commented Jul 29, 2016
edited
Loading

I stumpled upon this article by the express-stormpath project a few days earlier: https://stormpath.com/blog/the-problem-with-api-authentication-in-express
To me, but I'm not an expert in this field, the different aspects sound very reasonable. Especially the part about multiple access tokens and the key pair consisting of the user id and a random uuid.

But this issue indeed belongs to the seneca-user plugin I think.

Oh and I'm not related to express-stormpath in any way, just to say

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mirceaalexandru mirceaalexandru

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rjrodger @indr @mirceaalexandru @AdrieanKhisbe