ueberauth / guardian

Elixir Authentication
MIT License

get token claims in SecretFetch #672

Closed GinShio closed 3 years ago

GinShio commented 3 years ago

I want to use the user's password as the secret (I'm not sure if this is a good way), so I want to get token claims in SecretFetch.fetch_verifying_secret/3, then call mod.resource_from_claims/1. Could you help me solve this problem?

Hanspagh commented 3 years ago

Hi @GinShio. Normally the secret is rather static and not dependent on the password. What would the exact use case be for this?

GinShio commented 3 years ago

Thanks @Hanspagh. I want to use JWT to verify user status (e.g. login); Guardian is a nice library.

I don't want to store the token, so I signed the JWT with a static secret key and the user's password (password |> sha256 <> static_secret_key); when the user modifies the password, the old token will be invalid.

So I want to get the claims in SecretFetch. What do you suggest I do: sign with the user's password or with the static secret key?

Hanspagh commented 3 years ago

To me it sounds more like you could use a session token like Phoenix.Token. I am not sure your use case fits Guardian very well, but let me know if I misunderstand something.

GinShio commented 3 years ago

I will learn Phoenix.Token and then decide how to use the token. I don't have any problems now, and this issue can be closed at any time. Thank you very much @Hanspagh
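
The scheme discussed in this thread, a per-user signing key that changes when the password changes, as an added example that is not part of the thread and does not use Guardian's API. Assumptions: the module and function names are hypothetical, the key is derived with HMAC from the stored password hash rather than by the concatenation shown in the question, and all sample values are constructed.

```elixir
# Assumes Elixir 1.18+ (built-in JSON module) on OTP 25+ (:crypto.hash_equals/2).
defmodule PerUserSecretJWT do
  # Constructed static secret; a real one comes from configuration.
  @static_secret "constructed-static-secret"

  # Per-user key = HMAC-SHA256(static secret, stored password hash), so
  # changing the password changes the key and old tokens stop verifying.
  def derive_key(password_hash),
    do: :crypto.mac(:hmac, :sha256, @static_secret, password_hash)

  def sign(claims, password_hash) do
    input = b64(JSON.encode!(%{"alg" => "HS256", "typ" => "JWT"})) <> "." <> b64(JSON.encode!(claims))
    input <> "." <> b64(:crypto.mac(:hmac, :sha256, derive_key(password_hash), input))
  end

  # `users` maps subject -> stored password hash (stands in for a DB lookup).
  # The payload is read before verification only to pick the key; its claims
  # are returned only after the signature check passes.
  def verify(token, users) do
    with [header, payload, sig] <- String.split(token, "."),
         {:ok, %{"alg" => "HS256"}} <- decode_part(header),
         {:ok, %{"sub" => sub} = claims} <- decode_part(payload),
         {:ok, password_hash} <- Map.fetch(users, sub),
         {:ok, given} <- Base.url_decode64(sig, padding: false),
         expected = :crypto.mac(:hmac, :sha256, derive_key(password_hash), header <> "." <> payload),
         true <- byte_size(given) == byte_size(expected) and :crypto.hash_equals(given, expected) do
      {:ok, claims}
    else
      _ -> {:error, :invalid_token}
    end
  end

  defp decode_part(part) do
    with {:ok, json} <- Base.url_decode64(part, padding: false), do: JSON.decode(json)
  end

  defp b64(bin), do: Base.url_encode64(bin, padding: false)
end

# Constructed sample data: user "42" changes their password.
users = %{"42" => "constructed-password-hash-v1"}
token = PerUserSecretJWT.sign(%{"sub" => "42"}, users["42"])
{:ok, %{"sub" => "42"}} = PerUserSecretJWT.verify(token, users)
{:error, :invalid_token} = PerUserSecretJWT.verify(token, %{"42" => "constructed-password-hash-v2"})
IO.puts("old token rejected after password change")
```

Every verification needs a user lookup to rebuild the key, so this design is stateless only in the sense that no token is stored. The example does not check expiry claims.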