SignedString is an empty string

[bonifaido]

I think there is an issue with the token signing, which is that the value of SignedString is never set (so it is the default empty string) but it is used for signing tokens: https://github.com/qor/auth/blob/f21148b6eb4cbf3d5bf6b0fa4cfd55de66bd497f/session_storer.go#L78

[sergolius]

Default SessionStorer obviously has omitted SignedString, it's secret of a session. https://github.com/qor/auth/blob/709ba0ce943b0527f9fbdd4d469e3b157a3f1756/auth.go#L88-L94 You have to define it on your own.

[ghost]

I created a fork of qor where I committed several fixes/pull requests to make it work. Available at, https://github.com/qorpress/qorpress-auth-example