Discuss possibly saving authorization tokens in database

[spookybear0]

Pros:

• Not having to log in every time the client is opened (alternative would be saving the hashed credentials and getting a new token every time the game is opened)
• Persisting throughout server restarts
• Static token

Cons:

• Slower authentication
• Possible security risk of using static tokens

How do you guys feel about this being implemented? @lotus-gd/backend

[RealistikDash]

We could make the tokens expire after a specific time period, addressing the security concerns of a static token. This is something similar most oauth implementations use, where the client is required to obtain/refresh a token at regular time intervals.

[spookybear0]

Yes, that's a good idea, what time intervals do you think would work.

[RealistikDash]

Anything within the range of 24-72hrs should work

[spookybear0]

Will work on saving tokens in db now.

[RealistikDash]

Yknow, with about 4 months of more knowledge, using redis for the storage of any session details would be great. Redis itself by nature is really fast and can even manage expiration for us.