Opinion : JSON web tokens
(This post was last modified: 03-08-2017, 02:43 AM by arma7x.)

(03-04-2017, 08:21 AM)albertleao Wrote: Interesting. That might be a solution. I would still put an id in my jwt that eventually tied back to a database sessions table. I know that defeats the purpose of stateless, but God mighty would it simplify native app development.

Yes, you should add an identifier to each JWT. And tie the identifier to IP address, device OS, etc., stored in the database, so the user can access/track their JWT records and delete any unrecognized JWT. If your secret key is leaked, it is possible for an attacker to generate a JWT, but not the identifier. The identifier should be generated in a secure random way. On a native mobile app maybe you can expose the JWT payload, so the user can know their identifier too.
Keep calm.
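The scheme described in the post above, written out as an added example (my own code, not arma7x's, not albertleao's and not CodeIgniter's). It is Python on the standard library so it runs offline: `sign` is a minimal HS256 JWT encoder, the dict `store` stands in for the sessions table, and the IP/device strings and secret are constructed sample values. The point it demonstrates is the one the post makes: with a 256-bit random `jti` recorded server-side, an attacker holding the leaked HMAC secret can forge a correctly signed token but cannot produce a `jti` that the store recognizes, and the user can list and revoke their own records.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

HEADER = {"alg": "HS256", "typ": "JWT"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT strips base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def sign(secret: bytes, payload: dict) -> str:
    """Plain HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    signing_input = _b64url(_json(HEADER)) + "." + _b64url(_json(payload))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def issue_token(secret: bytes, store: dict, user_id: str, ip: str, device: str,
                ttl: int = 3600, now=None) -> str:
    """Mint a JWT whose jti is a 256-bit random identifier, and record that jti in
    `store` (a dict standing in for the sessions table) with where it was issued."""
    now = int(time.time()) if now is None else now
    jti = secrets.token_urlsafe(32)      # unguessable even by someone who has the secret
    store[jti] = {"sub": user_id, "ip": ip, "device": device, "iat": now}
    return sign(secret, {"sub": user_id, "jti": jti, "iat": now, "exp": now + ttl})


def verify_token(secret: bytes, store: dict, token: str, now=None):
    """Return the payload if signature, expiry and the server-side jti record all
    check out, else None. Every request hits the store: that is the trade-off."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
        sig = _b64url_decode(parts[2])
    except ValueError:                   # bad base64, bad JSON, bad UTF-8
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    if header.get("alg") != "HS256":     # refuse alg=none and algorithm switching
        return None
    expected = hmac.new(secret, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    record = store.get(payload.get("jti"))
    if record is None or record["sub"] != payload.get("sub"):
        return None                      # valid signature, but no known session behind it
    return payload


def list_sessions(store: dict, user_id: str) -> dict:
    """What the user sees in a 'your devices' screen: jti plus IP/device/time."""
    return {jti: rec for jti, rec in store.items() if rec["sub"] == user_id}


def revoke_session(store: dict, user_id: str, jti: str) -> bool:
    """Delete a record, but only if it belongs to the requesting user."""
    rec = store.get(jti)
    if rec is None or rec["sub"] != user_id:
        return False
    del store[jti]
    return True


if __name__ == "__main__":
    secret = b"server-hmac-secret"       # constructed; use 32+ random bytes in practice
    sessions = {}                        # constructed stand-in for the sessions table
    tok = issue_token(secret, sessions, "alice", "203.0.113.7", "Android 7.1")
    print("valid:", verify_token(secret, sessions, tok) is not None)
    # attacker has the secret but not alice's jti: correctly signed, still rejected
    forged = sign(secret, {"sub": "alice", "jti": "guess", "iat": 0, "exp": 2**31})
    print("forged accepted:", verify_token(secret, sessions, forged) is not None)
    for jti, rec in list_sessions(sessions, "alice").items():
        print("session", jti[:8], rec["ip"], rec["device"])
        revoke_session(sessions, "alice", jti)
    print("valid after revoke:", verify_token(secret, sessions, tok) is not None)
```

Two things to keep in mind when adopting this: the identifier only helps if `verify_token` consults the store on every request, which is exactly the statefulness albertleao is accepting; and it does nothing against a token that is stolen rather than forged, which stays valid until the user notices the unfamiliar IP/device in `list_sessions` and revokes it, or until `exp` passes.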


Messages In This Thread
Opinion : JSON web tokens - by albertleao - 03-04-2017, 06:53 AM
RE: Opinion : JSON web tokens - by arma7x - 03-04-2017, 07:38 AM
RE: Opinion : JSON web tokens - by albertleao - 03-04-2017, 08:21 AM
RE: Opinion : JSON web tokens - by Narf - 03-06-2017, 02:00 AM
RE: Opinion : JSON web tokens - by albertleao - 03-08-2017, 01:40 AM
RE: Opinion : JSON web tokens - by arma7x - 03-08-2017, 02:41 AM


