Issue #188 confirmed that the salt in AuthToken is needless.
I also think the salt prevents the uniqueness of the token.
When I think about 2 AuthTokens which have the same token and different salts, the 2 AuthTokens may both be saved in the database because ...
The digests of the 2 AuthTokens are different because the salts are different.
The unique key index is only applied to the digest and salt columns individually (digest is the primary key).
If 2 AuthTokens which have the same token are saved in the database, both tokens will be authenticated to the same User (this is invalid for either of the two).
It is a very rare case that the same token is generated by urandom, but I think the uniqueness of the token in the database is important, and it should be guaranteed by a database constraint.
When the salt is removed, the same tokens will be converted to the same digest, and the uniqueness of the token will be guaranteed by the uniqueness of the digest.
discussed at issue #188
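As an added illustration of the argument above (example code, not the project's own code and not from the author of the issue), a small Python simulation of the two schemas: a digest primary key beside a per-row salt, and a digest computed from the token alone. The table layout, the SHA-512 hashing, the colliding token and the two salts are assumptions constructed for this example; sqlite3 stands in for whatever database the project uses.

```python
import hashlib
import hmac
import sqlite3
from typing import List

# Constructed illustration, not the project's own code: an AuthToken-like
# table whose primary key is `digest`. Schema, hashing and the sample
# token below are assumptions for this example.


def make_digest(token: bytes, salt: bytes = b"") -> str:
    """SHA-512 over salt||token. With an empty salt the digest depends on
    the token alone, so equal tokens always give equal digests."""
    return hashlib.sha512(salt + token).hexdigest()


def make_db(with_salt: bool) -> sqlite3.Connection:
    """In-memory AuthToken table. `digest` is the primary key; when a salt
    column exists it carries its own unique index, so the two constraints
    are independent of each other (as the issue text describes)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    if with_salt:
        conn.execute(
            "CREATE TABLE authtoken ("
            " digest TEXT PRIMARY KEY,"
            " salt TEXT NOT NULL UNIQUE,"
            " user_id INTEGER NOT NULL)"
        )
    else:
        conn.execute(
            "CREATE TABLE authtoken ("
            " digest TEXT PRIMARY KEY,"
            " user_id INTEGER NOT NULL)"
        )
    return conn


def store_token(conn: sqlite3.Connection, token: bytes, user_id: int,
                salt: bytes = b"") -> None:
    """Insert one row. sqlite3.IntegrityError means the digest (or salt)
    already exists, i.e. the database constraint rejected the duplicate."""
    if salt:
        conn.execute(
            "INSERT INTO authtoken (digest, salt, user_id) VALUES (?, ?, ?)",
            (make_digest(token, salt), salt.hex(), user_id),
        )
    else:
        conn.execute(
            "INSERT INTO authtoken (digest, user_id) VALUES (?, ?)",
            (make_digest(token), user_id),
        )


def authenticate(conn: sqlite3.Connection, token: bytes) -> List[int]:
    """Every user_id whose stored digest matches the presented token.
    With a salt column each row must be re-hashed with its own salt; a
    healthy table yields at most one match."""
    matches = []
    for row in conn.execute("SELECT * FROM authtoken ORDER BY rowid"):
        salt = bytes.fromhex(row["salt"]) if "salt" in row.keys() else b""
        if hmac.compare_digest(make_digest(token, salt), row["digest"]):
            matches.append(row["user_id"])
    return matches


# Constructed stand-in for the rare case of urandom producing the same
# token twice, once when issuing a token to user 1 and once for user 2.
COLLIDING_TOKEN = bytes.fromhex("4e7f" * 32)
SALT_A = bytes.fromhex("0102030405060708")
SALT_B = bytes.fromhex("0807060504030201")


def salted_scenario() -> List[int]:
    """With salts: different digests, both rows accepted, and the one
    token now authenticates as two different users."""
    conn = make_db(with_salt=True)
    store_token(conn, COLLIDING_TOKEN, user_id=1, salt=SALT_A)
    store_token(conn, COLLIDING_TOKEN, user_id=2, salt=SALT_B)
    return authenticate(conn, COLLIDING_TOKEN)


def unsalted_scenario() -> str:
    """Without salt: equal tokens give equal digests, so the primary key
    on digest rejects the second row."""
    conn = make_db(with_salt=False)
    store_token(conn, COLLIDING_TOKEN, user_id=1)
    try:
        store_token(conn, COLLIDING_TOKEN, user_id=2)
    except sqlite3.IntegrityError:
        return "rejected"
    return "accepted"


if __name__ == "__main__":
    print("with salt, token authenticates users:", salted_scenario())
    print("without salt, second insert:", unsalted_scenario())
```

The salted run returns two user ids for a single token, which is the ambiguous state the issue warns about; the unsalted run never reaches that state because the second INSERT fails on the digest primary key.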