[Enhancement]: Store tokens in database #107

Open
1 task done
jonbarrow opened this issue Aug 9, 2024 · 1 comment
Labels
approved The topic is approved by a developer enhancement An update to an existing part of the codebase

Comments

@jonbarrow
Member

Checked Existing

  • I have checked the repository for duplicate issues.

What enhancement would you like to see?

Store tokens in the database. This is not an uncommon practice to do, and would allow us much more flexibility. @SuperMarioDaBom has suggested this in the past, so I'm officially adding it here.

By storing the tokens in a database, we can easily implement a token revoking system. This would allow us to create a "logout from all devices" feature, or revoke specific tokens after certain actions (such as account deletion). It would also allow us to store MUCH more data about the token. Right now tokens are encrypted, and try to store as much information as they can. However, both the Wii U and 3DS have a size limit on tokens, so we cannot store ALL data in the tokens (making systems like JWT not viable; this was actually the first system we tried to use). By storing data about the tokens in the database with the token, we can store as much data as we want and use the token as a lookup for it.

Any other details to share? (OPTIONAL)

We would still want to keep the token body encrypted and contain some data. There are cases where this is useful to have, such as player tracking in environments where we may not actually care about the player's data/account status. We also should likely not store the token as-is in the database, to prevent issues in case that collection is somehow breached. Storing the hashes of tokens should be fine though.

By storing them in the database we can also make use of the Mongo TTL feature to make tokens automatically expire. Though we may not want this, since this data could be useful for tracking login statistics? Although statistics like that can also be better handled in something dedicated.

@jonbarrow jonbarrow added enhancement An update to an existing part of the codebase awaiting-approval Topic has not been approved or denied labels Aug 9, 2024
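
An added sketch of the lookup-by-hash scheme proposed in the issue above; it is not code from this project. The in-memory dict stands in for the database collection, the random bytes stand in for the encrypted token body, and the names `TokenStore`, `token_hash` and `account_id` are assumptions.

```python
import hashlib
import secrets
import time


def token_hash(token: bytes) -> str:
    # Tokens are high-entropy values, so a fast hash is enough here;
    # a leaked collection then contains no token a client could present.
    return hashlib.sha256(token).hexdigest()


class TokenStore:
    """In-memory stand-in for a token collection keyed by token hash."""

    def __init__(self, clock=time.time):
        self.records = {}   # token hash -> record (one "document" per token)
        self.clock = clock  # injectable so expiry can be tested

    def issue(self, account_id, ttl_seconds, **metadata):
        token = secrets.token_bytes(32)  # placeholder for the encrypted body
        self.records[token_hash(token)] = {
            "account_id": account_id,
            "expires_at": self.clock() + ttl_seconds,
            "metadata": metadata,  # data that does not fit inside the token
        }
        return token  # the raw token is returned to the client, never stored

    def lookup(self, token):
        record = self.records.get(token_hash(token))
        if record is None or record["expires_at"] <= self.clock():
            return None  # unknown, revoked or expired
        return record

    def revoke(self, token):
        return self.records.pop(token_hash(token), None) is not None

    def revoke_all(self, account_id):
        # "Logout from all devices": drop every record owned by the account.
        stale = [h for h, r in self.records.items()
                 if r["account_id"] == account_id]
        for h in stale:
            del self.records[h]
        return len(stale)

    def purge_expired(self):
        # What a MongoDB TTL index on expires_at would do in the background.
        now = self.clock()
        stale = [h for h, r in self.records.items() if r["expires_at"] <= now]
        for h in stale:
            del self.records[h]
        return len(stale)
```

`lookup` checks `expires_at` itself instead of relying on the purge, since a background TTL sweep removes expired records with some delay.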
@DaniElectra
Member

> Though we may not want this, since this data could be useful for tracking login statistics? Although statistics like that can also be better handled in something dedicated.

I agree that those statistics should probably be handled in a dedicated way.

@DaniElectra DaniElectra added approved The topic is approved by a developer and removed awaiting-approval Topic has not been approved or denied labels Aug 12, 2024