Uses JWT (JSON Web Tokens) to authenticate users. This digitally signs our data, so we can store some data such as user ID, and
we sign it, so it is 100% tamper-proof. This removes the need for an extra database request to convert the random token to a user ID.
However, anyone can decode and read the contents of it, so we can only store non-confidential data, like user IDs.
Although it's tamper-proof, we will still use the access/refresh token model, and regularly expire the real token, in case it gets stolen
from the client.
Uses JWT (JSON Web Tokens) to authenticate users. This digitally signs our data, so we can store some data such as user ID, and we sign it, so it is 100% tamper-proof. This removes the need for an extra database request to convert the random token to a user ID. However, anyone can decode and read the contents of it, so we can only store non-confidential data, like user IDs. Although it's tamper-proof, we will still use the access/refresh token model, and regularly expire the real token, in case it gets stolen from the client.