by
laurent92
1912 days ago
But then you need to implement token revocation, by the host, the user or the client, and find a cryptographically-secure way to generate the key.
1 comments
wolf550e
1912 days ago
To revoke the token, the server deletes it from the database. If you have the token, you can ask the server to delete it from the database. The cryptographically secure way to generate it is to read 32 bytes from getrandom(2) or from /dev/urandom.
link
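The scheme described in the reply above, as an added example that is not part of the original thread: an opaque token built from 32 bytes of OS randomness, checked against a database row, and revoked by deleting that row. The SQLite schema, the function names, and the choice to store a SHA-256 digest instead of the raw token are assumptions made for this sketch.

```python
import base64
import hashlib
import os
import sqlite3

def open_store(path=":memory:"):
    """Create the token table (hypothetical schema for this example)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS tokens ("
        " digest BLOB PRIMARY KEY, user TEXT NOT NULL)"
    )
    return db

def _digest(token):
    # Assumption beyond the thread: keep only a hash at rest, so a leaked
    # table does not hand out usable tokens. Unsalted SHA-256 is adequate
    # here because the input already carries 256 bits of randomness.
    return hashlib.sha256(token.encode("utf-8")).digest()

def issue(db, user):
    """Generate a token from 32 bytes of OS randomness and record it."""
    # On Linux os.urandom() uses getrandom(2) where available,
    # otherwise it reads /dev/urandom.
    raw = os.urandom(32)
    token = base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    with db:
        db.execute("INSERT INTO tokens VALUES (?, ?)", (_digest(token), user))
    return token

def lookup(db, token):
    """Return the user for a live token, or None if unknown or revoked."""
    row = db.execute(
        "SELECT user FROM tokens WHERE digest = ?", (_digest(token),)
    ).fetchone()
    return row[0] if row else None

def revoke(db, token):
    """Holder-initiated revocation: present the token, the row is deleted."""
    with db:
        cur = db.execute("DELETE FROM tokens WHERE digest = ?", (_digest(token),))
    return cur.rowcount == 1

def revoke_all(db, user):
    """Server- or user-initiated revocation of every token for one user."""
    with db:
        return db.execute("DELETE FROM tokens WHERE user = ?", (user,)).rowcount
```

Because every request goes through `lookup`, a deleted row takes effect on the next request, with no revocation list to distribute.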