I use this library here: https://github.com/firebase/php-jwt Apparently, in order to encrypt / decrypt the token a secret key is needed.
If I want to generate my own unique key for security for each token, then how do I know who, what key if I will not store tokens in the database?
How does anyone approach this issue?
If you want to use a unique key, you will have to store it somewhere, since it must be completely random. This may be a database, it may be a file, but this does not change the essence.
But there is no sense to create a unique key for each token. This will only complicate the decision, and this is likely to lead to a deterioration in security.
Source: https://ru.stackoverflow.com/questions/626157/
All Articles