Why is the accessToken not encrypted by default?
Hi, why is the accessToken in account not encrypted by default, e.g. for discord in our persistence?
And what's the easiest way to encrypt/decrypt it? Creating a custom plugin would do the job, I guess? Thanks! 🙂
Solution
After discussing with @bekacru we'll be implementing this built-in.
Right now it could be possible via custom plugin - but I'm not 100% certain on this.
Our future plans (roughly) are:
* Encrypt accessToken by default
* Provide auth.$context.decryptAccessToken or something like that.
* Provide options to configure access token encryption under options.account.accessToken
  * options.account.accessToken.disableEncryption - boolean
  * options.account.accessToken.encrypt - fn to encrypt
  * options.account.accessToken.decrypt - fn to decrypt
  * potentially others.
You can encrypt it using db hooks. You don't need to make a plugin
Yeah I can but there's no hook when I'd retrieve it? to decrypt
So I'd have to check on some request hooks and modify the payload on the fly maybe?
if there's an account?
Thanks for the explanations, would be super cool 😋
You should make an endpoint to retrieve user accounts
thanks it's gonna work like that, and more broadly thanks for your work on this lib @bekacru @Ping 🙏
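
Added example (not from the thread or from the library's own code): one way to write the encrypt/decrypt pair that the db-hook suggestion and the account-retrieval endpoint discussed above would call, using AES-256-GCM from Node's crypto module. The function names, the `enc:v1:` prefix and the `providerId`/`accountId` field names are assumptions, and wiring these functions into the library's hooks is not shown.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

const PREFIX = "enc:v1:"; // hypothetical marker; rows without it are treated as legacy plaintext

// Bind each ciphertext to its row so it cannot be copied onto another account.
// Assumes the account record carries providerId and accountId (field names are an assumption).
const aadFor = (account) => Buffer.from(`${account.providerId}:${account.accountId}`, "utf8");

function encryptToken(plaintext, key, aad) {
  const iv = randomBytes(12); // fresh 96-bit nonce per encryption, never reused with the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return PREFIX + Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64url");
}

function decryptToken(stored, key, aad) {
  if (!stored.startsWith(PREFIX)) return stored; // legacy row written before encryption was enabled
  const raw = Buffer.from(stored.slice(PREFIX.length), "base64url");
  if (raw.length < 28) throw new Error("stored token is truncated");
  const decipher = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(aad);
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, the row binding or the ciphertext does not match
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Call from the database hook that runs before an account row is written (hypothetical helper).
function sealAccount(account, key) {
  if (!account.accessToken || account.accessToken.startsWith(PREFIX)) return account;
  return { ...account, accessToken: encryptToken(account.accessToken, key, aadFor(account)) };
}

// Call from the endpoint that returns a user's accounts (hypothetical helper).
function openAccount(account, key) {
  if (!account.accessToken) return account;
  return { ...account, accessToken: decryptToken(account.accessToken, key, aadFor(account)) };
}

// Constructed sample row and key; in practice load the 32-byte key from a secret store.
const demoKey = randomBytes(32);
const demoRow = { providerId: "discord", accountId: "1234", accessToken: "constructed-token" };
const demoSealed = sealAccount(demoRow, demoKey);
console.log(demoSealed.accessToken.startsWith(PREFIX), openAccount(demoSealed, demoKey).accessToken);
```

The same pair applies to a refresh token column, and the version in the prefix leaves room for key rotation.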