I am using a token based approach in authentication, but in many blogs I read that they are storing the token in the database.
Do we need to store the token in a DB with token based authentication?
https://scotch.io/tutorials/the-ins-and-outs-of-token-based-authentication
In this blog, it is mentioned that we are signing the tokens instead of storing them in a database, and I think this should be the way to go to achieve true statelessness.
If you are using token based authentication as described in the linked web page there is no necessity to store the token in a database.
What you have to consider is whether it is possible to transport all the information the resource servers need to deliver the requested resources within the token in a secure way.
To transport, for example, the userId in a secure way you can additionally encrypt the token. If you want to ensure some data never leaves your datacenter for security reasons, then it would be a good idea to hold that data in a database, and the token only contains a reference (id) to the user-related data stored in the database - that's more or less what's described in OpenID Connect.
You should also keep in mind that adding user information to the token means additional payload with each request and may take longer to encrypt / decrypt and sign / verify the signature.
If you are going to use the stateless / database-less approach you should clarify:
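The stateless scheme the answer above describes, as an added example (not the answerer's code or the linked tutorial's): an HMAC-SHA256 signed token is issued with only a user reference (`sub`) and an expiry, and verified without any database lookup. The secret, claims and timestamps are constructed for the demo; a real deployment would load the secret from configuration and rotate it.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_encode(data: bytes) -> str:
    # base64url without padding, as used in compact JWT serialization
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # restore the padding that was stripped on encode
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, claims: dict, ttl_seconds: int,
                now: Optional[int] = None) -> str:
    """Sign a token carrying only a reference to the user plus iat/exp.

    Nothing is stored server-side: the signature alone proves the server
    issued these claims, which is what makes verification stateless.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":"), sort_keys=True).encode())
        for part in (header, payload)
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(signature)}"


def verify_token(secret: bytes, token: str,
                 now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, else None.

    Verification needs only the shared secret; no DB round trip is made.
    """
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # pin the algorithm: never trust the token to choose how it is verified
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        # constant-time comparison avoids leaking how many bytes matched
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers bad base64, bad JSON and wrong part count
        return None
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return payload


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"          # constructed for the demo
    issued_at = 1_700_000_000                          # constructed timestamp
    tok = issue_token(demo_secret, {"sub": "user-42"}, 3600, now=issued_at)
    print(tok)
    print(verify_token(demo_secret, tok, now=issued_at + 100))
    print(verify_token(demo_secret, tok, now=issued_at + 3600))  # expired -> None
```

Because the payload holds only `sub`, the resource server still does one lookup when it needs user attributes, which is the trade-off the answer points at: a fat token saves that lookup but grows every request and exposes more data in transit, while a reference-only token keeps sensitive data in the database.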
It depends. If you have multiple servers or keep the token between server restarts, then you need to persist it somewhere. The database is usually an easy choice. If you have a single server and don't care that your users have to sign in again after a restart, then you can just keep it in memory.