Comment on How to store user's access tokens/API keys without hashing them?

pe1uca@lemmy.pe1uca.dev 9 months ago

Thanks for all the information and advice!

So in theory basic auth is enough when sent through HTTPS, right?
If this is the case then the user would need to handle their password and my API can keep storing just the hash.

In another comment JWT was suggested, maybe this could also be a solution?
I’m thinking the user can worry about generating and signing the token and we could only be storing the public key, which requires less strictness when handling it, this way we can validate the token has been signed by who we expect and the user will worry about the private key.

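The scheme described in the comment above (the user signs a JWT with their private key, the API stores only the public key), as an added example that is not part of the original thread. It assumes Ed25519 keys with the JWT `EdDSA` algorithm and Node's built-in `crypto` module; `mintToken`, `verifyToken`, `demo` and the in-memory registry are hypothetical names.

```javascript
const nodeCrypto = require("node:crypto");

const b64u = (data) => Buffer.from(data).toString("base64url");

// Client side: the user keeps privateKey and mints short-lived tokens.
function mintToken(privateKey, userId, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT", kid: userId }));
  const payload = b64u(JSON.stringify({ sub: userId, iat, exp: iat + ttlSeconds }));
  const sig = nodeCrypto.sign(null, Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Server side: publicKeys is a Map of userId -> PEM public key (nothing secret).
function verifyToken(token, publicKeys, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch { return { ok: false, reason: "malformed" }; }
  // Pin the algorithm: the token must not be able to pick "none" or an HMAC alg.
  if (header?.alg !== "EdDSA") return { ok: false, reason: "bad alg" };
  const pem = publicKeys.get(header.kid);
  if (!pem) return { ok: false, reason: "unknown key" };
  const valid = nodeCrypto.verify(null, Buffer.from(`${h}.${p}`),
    nodeCrypto.createPublicKey(pem), Buffer.from(s, "base64url"));
  if (!valid) return { ok: false, reason: "bad signature" };
  // Claims are trusted only after the signature check has passed.
  if (claims?.sub !== header.kid) return { ok: false, reason: "subject mismatch" };
  if (typeof claims.exp !== "number" || claims.exp <= Math.floor(now / 1000))
    return { ok: false, reason: "expired" };
  return { ok: true, user: claims.sub };
}

// Constructed demo: "alice" has a registered public key, "mallory" signs as alice.
function demo() {
  const alice = nodeCrypto.generateKeyPairSync("ed25519");
  const mallory = nodeCrypto.generateKeyPairSync("ed25519");
  const registry = new Map([["alice", alice.publicKey.export({ type: "spki", format: "pem" })]]);
  return {
    good: verifyToken(mintToken(alice.privateKey, "alice", 300), registry),
    forged: verifyToken(mintToken(mallory.privateKey, "alice", 300), registry),
    expired: verifyToken(mintToken(alice.privateKey, "alice", -1), registry),
  };
}
```

The registry holds nothing that lets the server (or someone who reads its database) mint a token, but it still needs integrity protection: whoever can replace a stored public key can sign as that user.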