You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
reset-password-token
These are all JWT tokens which means we encode some unique identifier of the user to obtain the token and then decode the token and use that unique identifier for validation.
So we don't match the received tokens to the tokens stored in the db, does it make sense to keep the tokens in db?
The text was updated successfully, but these errors were encountered:
We keep only access and refresh tokens in the db, because if someone somehow will generate access token with the right user data in the it we will reject that token, as it is not stored in our db.
We use 4 types of tokens in Elvis:
These are all JWT tokens which means we encode some unique identifier of the user to obtain the token and then decode the token and use that unique identifier for validation.
So we don't match the received tokens to the tokens stored in the db, does it make sense to keep the tokens in db?
The text was updated successfully, but these errors were encountered: