Openmaize.Token
Module to generate Json Web Tokens and send them to the user, either by storing the token in a cookie or sending the token in the body of the response.
Json Web Tokens
Json Web Tokens (JWTs) are an alternative to using cookies to identify, and provide information about, users after they have logged in.
One main advantage of using JWTs is that there is no need to keep a session store as the token can be used to contain user information. It is important, though, not to keep sensitive information in the token as the information is not encrypted — it is just encoded.
The JWTs need to be stored somewhere, either in cookies or sessionStorage (or localStorage), so that they can be used in subsequent requests. If you want to store the token in sessionStorage, you will need to add the token to sessionStorage with the front-end framework you are using and add the token to the request headers for each request.
If you do not store the token in a cookie, then you will not need to use
the protect_from_forgery (csrf protection) plug. However, if you are
storing the token in sessionStorage, there is then a risk of cross-site
scripting attack.
Summary↑
| add_token(conn, user, storage) | Generate token based on the user information and the |
| decode(token) | Decode JWT |
| encode(payload) | Encode JWT |
Functions
Generate token based on the user information and the token_info
setting in the config.
The token is then either stored in a cookie or sent in the body of the response.
Decode JWT.
Encode JWT.