Open egeldenhuys opened 6 years ago
It would be more convenient to have secure JWT out of the box. The key can be stored in the database and created when the back-end is initialised.
On updates it might be convenient to regenerate the secret key to force all users to login again.
I can't think of any use case where the system admin requires access to the secret key. It can be retrieved from the database if required.
It would be more convenient to have secure JWT out of the box. The key can be stored in the database and created when the back-end is initialised.
On updates it might be convenient to regenerate the secret key to force all users to login again.
I can't think of any use case where the system admin requires access to the secret key. It can be retrieved from the database if required.