Why is the accessToken not encrypted by default?
Hi, why is the accessToken in
And what's the easiest way to encrypt/decrypt it? Creating a custom plugin would do the job, I guess? thanks !
account not encrypted by default e.g for discord in our persistence?And what's the easiest way to encrypt/decrypt it? Creating a custom plugin would do the job, I guess? thanks !
Solution
After discussing with @bekacru we'll be implementing this built-in.
Right now it could be possible via custom plugin - but I'm not 100% certain on this.
Our future plans (roughly) are:
Right now it could be possible via custom plugin - but I'm not 100% certain on this.
Our future plans (roughly) are:
- Encrypt accessToken by default
- Provide
auth.$context.decryptAccessTokenor something like that. - Provide options to configure access token encryption under
options.account.accessTokenoptions.account.accessToken.disableEncryption- boolean
options.account.accessToken.encrypt- fn to encrypt
options.account.accessToken.decrypt- fn to decrypt
- potentially others.
