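GENERATE A RANDOM AUTH TOKEN

    class User < ActiveRecord::Base
      # Runs before every save, so each save assigns a fresh token.
      before_save :generate_auth_token

      # Draw random tokens until one is found that no other user holds.
      def generate_auth_token
        loop do
          self.auth_token = Devise.friendly_token
          break if User.find_by_auth_token(auth_token).nil?
        end
      end
    end
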
Authentication Tokens

• Auto-generated, random, unique (not shared across multiple services).
• When compromised, can be renewed easily with little user inconvenience.

BODY CLAIMS

• iss: The issuer of the token
• sub: The subject of the token
• aud: The audience of the token
• exp: The expiration time, as a NumericDate value
• nbf: The time before which the JWT MUST NOT be accepted for processing
• iat: The time the JWT was issued; can be used to determine the age of the JWT
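
How a receiving service can enforce the body claims listed above, as an added example that is not code from the original slides. It uses only the Ruby standard library with HS256; the secret, issuer, audience and leeway values and the helper names (b64url, sign_token, verify_token) are assumptions made up for the illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed values for this example (assumptions, not from the slides).
SECRET   = "example-secret-not-for-production"
ISSUER   = "https://auth.example.test"
AUDIENCE = "api.example.test"
LEEWAY   = 30 # seconds of clock skew tolerated between issuer and verifier

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Build an HS256 token (sample input for the verifier below).
def sign_token(claims, secret = SECRET)
  header = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  signing_input = "#{header}.#{b64url(JSON.generate(claims))}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest("SHA256", secret, signing_input))}"
end

# Returns the claims Hash on success, or a Symbol naming the first failed check.
def verify_token(token, now: Time.now.to_i, secret: SECRET)
  parts = token.to_s.split(".", -1)
  return :malformed unless parts.length == 3
  header_b64, payload_b64, sig_b64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  # Pin the algorithm on the verifier side; never let the token choose it.
  return :bad_alg unless header.is_a?(Hash) && header["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header_b64}.#{payload_b64}")
  return :bad_signature unless OpenSSL.secure_compare(expected, Base64.urlsafe_decode64(sig_b64))
  # Claims are read only after the signature has been verified.
  claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  return :malformed unless claims.is_a?(Hash)
  return :bad_iss unless claims["iss"] == ISSUER
  return :bad_aud unless Array(claims["aud"]).include?(AUDIENCE)       # aud may be a string or a list
  return :expired unless claims["exp"].is_a?(Numeric) && now < claims["exp"] + LEEWAY # exp is required here
  return :not_yet_valid if claims["nbf"].is_a?(Numeric) && now + LEEWAY < claims["nbf"]
  return :bad_iat if claims["iat"].is_a?(Numeric) && claims["iat"] > now + LEEWAY     # issued in the future
  claims
rescue ArgumentError, JSON::ParserError
  :malformed
end
```

The order matters: the algorithm and signature are checked before any claim is trusted, and a token without exp is rejected rather than treated as never expiring.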