senecajs / seneca-auth

A Seneca user authentication plugin for Hapi and Express
http://senecajs.org
MIT License
33 stars 29 forks

auth token should be encrypted #25

Open rjrodger opened 9 years ago

rjrodger commented 9 years ago

this is more secure

mirceaalexandru commented 9 years ago

This should be done by seneca-user not by seneca-auth

AdrieanKhisbe commented 8 years ago

$ touch

indr commented 8 years ago

I stumbled upon this article by the express-stormpath project a few days earlier: https://stormpath.com/blog/the-problem-with-api-authentication-in-express To me, but I'm not an expert in this field, the different aspects sound very reasonable. Especially the part about multiple access tokens and the key pair consisting of the user id and a random uuid.

But this issue indeed belongs to the seneca-user plugin I think.

Oh and I'm not related to express-stormpath in any way, just to say