Discussion on: How to Create a JSON Web Token Using PHP

Rob Waller

Thanks for the comment, I will try to answer your question.

The username and password would query the database to check that the user exists. If the user does exist, the user identifier for the database table will be retrieved; this is usually an integer. You would then use the identifier to create your token so you know who the user is.

The secret is what you want to hash your token with; it's like a salt, it's for security purposes. The date time string is for the expiry date, i.e. when you want the token to expire. The issue identifier is a reference to the website that generated the token; this could be a URL, for example.

I hope that info helps. Let me know if you have any further questions.

Jeremy

Thanks for your fast answer, I understand more now! But I still have a few questions 🙈
When I want to create my token, I write for example
Token::getToken('24', 'sha256', 1*, 2*)
1*) According to you, what is the best dateExpiry?
2*) When you say that the issue identifier is a reference to the website that generated the token, what do you mean by that? I thought that it was your method that created the token.
And if the meaning of "generated" is the side that asks for creating the token (i.e. my iOS app), is the issue id the bundle id of the app?
PS: thank you a lot, really, and sorry for my misunderstanding of words, I'm new to English too :)

Rob Waller

The expiry should be relatively short, I would say minutes. You should also create a way for you to update tokens as Facebook does. Facebook tokens last for about 60 minutes and if you want to continue making requests after 60 minutes you have to trade the current token for a new token before the current token expires.

The issue identifier is the application that creates the token, not the application or user who asks for the token.

e.g.

User 1 asks for a token

Website A creates and returns the token to User 1.

In this scenario the issue identifier would be "Website A"
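
The four inputs discussed in this thread (user identifier, secret, expiry, issuer), shown as an added example that is not part of the thread or of the library it discusses: an HS256 token built and verified with PHP built-ins, rejecting expired tokens and tokens from another issuer. The function names, the `user_id` claim name, the 10-minute lifetime and the `website-a.example` issuer are assumptions.

```php
<?php
// Added example; every name and value here is illustrative.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt) {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);   // restore padding
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

// $secret is the HMAC key: anyone who holds it can mint valid tokens.
function create_token(int $userId, string $secret, int $ttl, string $issuer, int $now): string {
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode([
        'user_id' => $userId,       // assumed claim name for the database identifier
        'iss'     => $issuer,       // the application that creates the token
        'iat'     => $now,
        'exp'     => $now + $ttl,   // short lifetime, in seconds
    ]));
    $sig = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Returns the claims, or null if the signature, issuer or expiry check fails.
function verify_token(string $token, string $secret, string $issuer, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$header, $payload, $sig] = $parts;
    // The algorithm is fixed here; the token's own "alg" header is never trusted.
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) return null;          // constant-time compare
    $claims = json_decode((string) b64url_decode($payload), true);
    if (!is_array($claims)) return null;
    if (($claims['iss'] ?? null) !== $issuer) return null;   // minted by someone else
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

$secret = bin2hex(random_bytes(32));       // constructed; load from configuration in practice
$issuer = 'https://website-a.example';     // "Website A" from the thread, as a URL
$now    = time();
$token  = create_token(24, $secret, 600, $issuer, $now);

var_dump(verify_token($token, $secret, $issuer, $now));                   // inside the lifetime
var_dump(verify_token($token, $secret, $issuer, $now + 601));             // after expiry
var_dump(verify_token($token, $secret, 'https://other.example', $now));   // different issuer
var_dump(verify_token($token, 'wrong-secret', $issuer, $now));            // wrong key
```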