I'm using JWT to create access tokens for a Sinatra API.
My question is: what should I use to sign the token? Right now I'm trying to use the user's password hash, but bcrypt-ruby changes the password hash every time it's accessed, making authentication impossible (when I encode, it uses one hash, and then changes it, so when I decode, it uses another). So I need something that is unique to the server, but I want the token generation to be totally stateless.
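An added example, not the poster's code: one way to get stateless tokens is to sign with a single server-wide secret and carry the user id in the claims, so nothing per-user is needed as a key. It implements HS256 with Ruby's standard library only (no JWT gem); the `JWT_SECRET` variable name, the function names and the 15-minute lifetime are assumptions.

```ruby
require "openssl"
require "base64"
require "json"

# Assumption: one server-wide signing key, loaded from the environment
# (JWT_SECRET is a hypothetical variable name), never per-user data.
# A random key is generated here only so the example runs stand-alone.
SECRET = ENV.fetch("JWT_SECRET") { OpenSSL::Random.random_bytes(32) }

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def sign(signing_input, secret)
  OpenSSL::HMAC.digest("SHA256", secret, signing_input)
end

# Build an HS256 token: base64url(header).base64url(payload).base64url(mac)
def issue_token(claims, secret, now: Time.now.to_i, ttl: 900)
  header  = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url(JSON.generate(claims.merge(iat: now, exp: now + ttl)))
  input   = "#{header}.#{payload}"
  "#{input}.#{b64url(sign(input, secret))}"
end

# Returns the claims hash, or nil if the token is malformed, forged or expired.
def verify_token(token, secret, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  return nil unless parts.length == 3
  header, payload, mac = parts
  # Check the MAC first, in constant time, before parsing any token content.
  expected = b64url(sign("#{header}.#{payload}", secret))
  return nil unless OpenSSL.secure_compare(expected, mac)
  # Pin the algorithm: the token's header never chooses how it is verified.
  return nil unless JSON.parse(Base64.urlsafe_decode64(header))["alg"] == "HS256"
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  claims["exp"].is_a?(Integer) && claims["exp"] > now ? claims : nil
rescue JSON::ParserError, ArgumentError
  nil
end
```

The server keeps no per-token state: any process holding the same secret can verify a token, and rotating the secret invalidates every outstanding token at once.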