Tags: ruby-on-rails, devise, ruby-on-rails-5, devise-token-auth

Rails 5.2 Auth - Token returned after create_new_auth_token


I am using devise_token_auth and I met a weird scenario.

I have only one user in my database, and when I ask in the console for his tokens, I get this:

$ user.tokens

{
    "_5_Mh40SfQvsnkerykJMIw"=>{
        "token"=>"$2a$10$EScwGJLVba9oN1uek0m0bOy6.nyRq9q6yFO25nKbiPCOslUEwBrFi",
        "expiry"=>1527942239,
        "last_token"=>nil,
        "updated_at"=>"2018-05-19T14:23:59.127+02:00"
    }
}

so now I want a new token, so I execute the following:

$ user.create_new_auth_token

And this is the response to that call

"access-token"=>"Uof0cB0KcI5RH-GFOCezDw",
"token-type"=>"Bearer",
"client"=>"J_Bb35u9pcBCUSLuzP8axA",
"expiry"=>"1527942277",
"uid"=>"eddie@me.com"

Which should be the new token, right? So I check again the tokens of the user:

$ user.tokens

{
    "_5_Mh40SfQvsnkerykJMIw"=>{
        "token"=>"$2a$10$EScwGJLVba9oN1uek0m0bOy6.nyRq9q6yFO25nKbiPCOslUEwBrFi",
        "expiry"=>1527942239,
        "last_token"=>nil,
        "updated_at"=>"2018-05-19T14:23:59.127+02:00"
    },
    "J_Bb35u9pcBCUSLuzP8axA"=>{
        "token"=>"$2a$10$trmOQQOnQRfMXGk0s8XS5ufUl9OHDnPcK7f4M4qXfGggj4gCUIc12",
        "expiry"=>1527942277,
        "last_token"=>nil,
        "updated_at"=>"2018-05-19T14:24:37.637+02:00"
    }
}

Now, do you see the problem? The new client J_Bb35u9pcBCUSLuzP8axA matches, but the access-token I received when I created the new token (Uof0cB0KcI5RH-GFOCezDw) does not match the one stored in the database ($2a$10$trmOQQOnQRfMXGk0s8XS5ufUl9OHDnPcK7f4M4qXfGggj4gCUIc12).

Why is that? I thought that the response, when creating a new token, would be that same token. What does the access-token mean? What is it for?


Solution

  • Why is that? I thought that the response, when creating a new token, would be that same token.

    That happens because the access-token is saved encrypted in the DB, as explained here.

    What does the access-token mean? What is it for?

    It is a token that serves as the client's access identification (like a password) for every request, so it should not be stored as plain text.
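As an added example (not code from the question or from devise_token_auth), here is a minimal model of the behaviour the answer describes: the access-token in the response is random plaintext, only a salted hash of it is stored under the client key, and each request is checked by re-hashing the presented token, which is why the header value and the database value never match. It assumes PBKDF2 from Ruby's stdlib OpenSSL in place of the bcrypt gem the real library uses, so it runs without extra gems.

```ruby
# Added illustration, not devise_token_auth's own code. ASSUMPTION: PBKDF2 from
# Ruby's stdlib OpenSSL stands in for bcrypt ("$2a$10$..." on the page); the
# storage shape (client id => hashed token + expiry) mirrors user.tokens.
require 'securerandom'
require 'openssl'

class TokenStore
  attr_reader :tokens # client id => { "token" => salted hash, "expiry" => unix time }

  def initialize
    @tokens = {}
  end

  # Mirrors create_new_auth_token: the plaintext access-token exists only in
  # the returned headers; @tokens keeps a hash of it under the new client id.
  def create_new_auth_token(uid, lifespan: 14 * 24 * 3600, now: Time.now.to_i)
    client       = SecureRandom.urlsafe_base64(16, false)
    access_token = SecureRandom.urlsafe_base64(16, false)
    expiry       = now + lifespan
    @tokens[client] = { "token" => hash_token(access_token), "expiry" => expiry }
    { "access-token" => access_token, "token-type" => "Bearer",
      "client" => client, "expiry" => expiry.to_s, "uid" => uid }
  end

  # Per-request check: find the record by client id, re-derive the hash with
  # the stored salt and compare in constant time; unknown or expired fails.
  def token_valid?(client, access_token, now: Time.now.to_i)
    record = @tokens[client]
    return false if record.nil? || record["expiry"] <= now
    salt = record["token"].split("$")[1].unpack1("m0")
    secure_equal?(record["token"], hash_token(access_token, salt))
  end

  private

  # "pbkdf2$<salt>$<digest>": the salt travels with the hash, like bcrypt does.
  def hash_token(token, salt = SecureRandom.random_bytes(16))
    digest = OpenSSL::KDF.pbkdf2_hmac(token, salt: salt, iterations: 100_000,
                                      length: 32, hash: "sha256")
    "pbkdf2$#{[salt].pack('m0')}$#{[digest].pack('m0')}"
  end

  # Constant-time string comparison so timing does not leak matching prefixes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Calling create_new_auth_token twice leaves two entries in tokens, exactly as the second user.tokens dump in the question shows.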