|
Wt
4.11.1
|
An authentication token hash. More...
#include <Wt/Auth/Token.h>
Public Member Functions | |
| Token () | |
| Default constructor. More... | |
| Token (const std::string &hash, const WDateTime &expirationTime, const std::string &purpose, const std::string &scope, const std::string &redirectUri) | |
| Constructor. | |
| bool | empty () const |
| Returns whether the token is empty. More... | |
| const std::string & | hash () const |
| Returns the hash. | |
| const WDateTime & | expirationTime () const |
| Returns the expiration time. | |
An authentication token hash.
An authentication token is a surrogate for identification or authentication. When a random authentication token is generated, e.g. using WRandom::generateId() it is a good practice to hash it using a cryptographic hash function, and only save this hash in the session or database for later verification. This avoids that a compromised database would leak all the authentication tokens.
The token can be used for multiple purposes, denoted by the token's name in the browser. In both cases it is used for "remember-me" functionality. For regular authentication this is for the normal username/password combination login. For MFA authentication this is used in a similar fashion to remember the MFA verification. That means a User will not have to submit a TOTP code each time they log in. But only as often as the developer desires (managed by AuthService::setMfaTokenValidity()).
| Wt::Auth::Token::Token | ( | ) |
Default constructor.
Creates an empty token.
| bool Wt::Auth::Token::empty | ( | ) | const |
Returns whether the token is empty.
An empty token is default constructed.
1.9.1