Closed: GinShio closed this issue 3 years ago
Hi @GinShio, normally the secret is rather static and not dependent on the password. What would the exact use case be for this?
Thanks @Hanspagh. I want to use JWT to verify user status (e.g. login); Guardian is a nice library.
I don't want to store the token, so I signed the JWT with a static secret key and the user's password (password |> sha256 <> static_secret_key); when the user modifies the password, the old token will be invalid.
So I want to get the claims in SecretFetch. What do you suggest I do: sign with the user's password or with a static secret key?
To me it sounds more like you could use a session token like Phoenix.Token. I am not sure your use case fits Guardian very well, but let me know if I misunderstand something.
I will learn Phoenix.Token and then decide how to use the token. I don't have any problems now, and this issue can be closed at any time. Thank you very much @Hanspagh
I want to use the user's password as the secret (I'm not sure if this is a good way), so I want to get the token claims in SecretFetch.fetch_verifying_secret/3, then call mod.resource_from_claims/1. Could you help me solve this problem?
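The per-user key scheme described in this thread (sha256 of the password concatenated with a static secret, so that a password change invalidates old tokens), shown as an added example that is not part of the original discussion and is not Guardian's code. It builds an HS256 token by hand with the standard library only; the module name, function names and sample values are hypothetical, and it assumes Elixir 1.18+ (built-in JSON module) and OTP 25+ (`:crypto.hash_equals/2`).

```elixir
# Added illustration, not Guardian code. Names and sample values are hypothetical.
defmodule PerUserKeyToken do
  @static_secret "constructed-static-secret"

  # Key layout from the thread: sha256(password) <> static_secret_key
  def key_for(password), do: :crypto.hash(:sha256, password) <> @static_secret

  def sign(claims, password) do
    header = b64(JSON.encode!(%{"alg" => "HS256", "typ" => "JWT"}))
    input = header <> "." <> b64(JSON.encode!(claims))
    input <> "." <> b64(mac(input, key_for(password)))
  end

  # `lookup` maps a subject to that user's current password material, or nil.
  # The "sub" claim is read before verification and is untrusted: it only
  # selects the candidate key. Claims are returned only if the MAC matches.
  # The header's "alg" is never consulted; HMAC-SHA256 is always used.
  def verify(token, lookup) do
    with [h, p, s] <- String.split(token, "."),
         {:ok, json} <- Base.url_decode64(p, padding: false),
         {:ok, %{"sub" => sub} = claims} <- JSON.decode(json),
         password when is_binary(password) <- lookup.(sub),
         {:ok, given} <- Base.url_decode64(s, padding: false),
         expected = mac(h <> "." <> p, key_for(password)),
         true <- byte_size(given) == byte_size(expected),
         true <- :crypto.hash_equals(given, expected) do
      {:ok, claims}
    else
      _ -> {:error, :invalid_token}
    end
  end

  defp mac(data, key), do: :crypto.mac(:hmac, :sha256, key, data)
  defp b64(bin), do: Base.url_encode64(bin, padding: false)
end

# Constructed sample data: one user, then a password change.
users = %{"alice" => "old-password"}
token = PerUserKeyToken.sign(%{"sub" => "alice"}, users["alice"])
{:ok, %{"sub" => "alice"}} = PerUserKeyToken.verify(token, &Map.get(users, &1))

users = %{users | "alice" => "new-password"}
{:error, :invalid_token} = PerUserKeyToken.verify(token, &Map.get(users, &1))
IO.puts("old token rejected after password change")
```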