Why is the accessToken not encrypted by default?
Hi, why is the accessToken in account not encrypted by default, e.g. for Discord in our persistence?
And what's the easiest way to encrypt/decrypt it? Creating a custom plugin would do the job, I guess? Thanks! 🙂
Solution
After discussing with @bekacru we'll be implementing this built-in.
Right now it could be possible via custom plugin - but I'm not 100% certain on this.
Our future plans (roughly) are:
* Encrypt accessToken by default
* Provide auth.$context.decryptAccessToken or something like that.
* Provide options to configure access token encryption under options.account.accessToken
  * options.account.accessToken.disableEncryption - boolean
  * options.account.accessToken.encrypt - fn to encrypt
  * options.account.accessToken.decrypt - fn to decrypt
  * potentially others.
You can encrypt it using db hooks. You don't need to make a plugin.
Yeah I can but there's no hook when I'd retrieve it? to decrypt
So I'd have to check on some request hooks and modify the payload on the fly maybe?
if there's an account?
Thanks for the explanations, would be super cool 😋
You should make an endpoint to retrieve user accounts
thanks it's gonna work like that, and more broadly thanks for your work on this lib @bekacru @Ping 🙏
any ETA for this ? 🙂
+ would it be possible to choose our own encrypt / decrypt function (with same kind of API you provide for secondary storage) ?
interface SecondaryStorage {
  get: (key: string) => Promise<string | null>;
  set: (key: string, value: string, ttl?: number) => Promise<void>;
  delete: (key: string) => Promise<void>;
}
I'm pretty sure it's merged, but I'll double check.
from the doc

Yeah that sounds right
so not implemented for now right ?
it's on a beta release, should be tagged latest this Friday
@bekacru it tells about encryption but what about decryption, wanted to know how to implement it
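An encrypt/decrypt pair of the kind discussed in this thread, as an added example that is not part of the thread and is not better-auth's own code. The function names, the "v1." storage format and the use of the account id as associated data are assumptions made for illustration.

```javascript
// Added example (not better-auth code): AES-256-GCM wrapper for a token stored at rest.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

const VERSION = 'v1'; // assumed format tag, lets you rotate key or algorithm later

// Returns "v1.<iv>.<tag>.<ciphertext>" with base64url parts.
// `aad` (assumed here: the account row id) binds the ciphertext to its row, so a
// value copied onto another account's record fails to decrypt.
function encryptToken(plaintext, key, aad) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const parts = [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64url'));
  return [VERSION, ...parts].join('.');
}

// Throws on a wrong key, a different aad, a modified value or an unknown format.
function decryptToken(stored, key, aad) {
  const parts = String(stored).split('.');
  if (parts.length !== 4 || parts[0] !== VERSION) {
    throw new Error('value is not in the v1 encrypted-token format');
  }
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64url'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed encrypted token');
  const decipher = createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(aad, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample values, not real credentials. A real 32-byte key would be
// loaded from a secret store, never generated per process like this.
const demoKey = randomBytes(32);
const demoStored = encryptToken('constructed-access-token', demoKey, 'account:123');
console.log(demoStored.startsWith('v1.'), decryptToken(demoStored, demoKey, 'account:123'));
```

encryptToken would run in the database hook before the account row is written, and decryptToken in the endpoint that returns accounts; that wiring is left out because it depends on the library version in use.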