Implementing Security Measures and Handling Authentication Issues in Xano
The State Changers had an extensive discussion about security measures and managing authentication tokens, focusing on the "Xano" platform. The question raised was whether it is appropriate to store an auth token in a table. Several ways of managing auth tokens effectively were discussed, and it was noted that the use case of the auth token should determine how it is stored.
Recommendations were made to use a refresh token pattern or the approach of creating an endpoint to return a new access token, effectively extending the token's lifespan. It was also suggested to use database-based authentication, similar to the banking sector. This approach would require creating a custom function at the top of various endpoints instead of using Xano's built-in authentication.
However, it was acknowledged that while Xano's built-in solution is convenient, it comes with some limitations and risks. Hence, each system should select the best approach based on its specific needs and security considerations. One State Changer promised to compile their implementation into a Loom tutorial for review and further discussion.
The meeting offered deep insights into managing and storing auth tokens and into the need for a robust system for maintaining security, particularly when working with Xano. It's suitable for viewers focusing on managing cryptographic authentication, refresh tokens, and the security risks associated with auth tokens.
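The refresh token pattern and the database-based check placed at the top of each endpoint, sketched as an added example that is not from the discussion and is not Xano code: a generic Python model with SQLite standing in for the token table. The table layout, lifetimes, function names and the choice to store only a SHA-256 hash of each token are assumptions of this example.

```python
import hashlib, secrets, sqlite3, time

ACCESS_TTL = 15 * 60          # assumed lifetimes, not values from the discussion
REFRESH_TTL = 7 * 24 * 3600

db = sqlite3.connect(":memory:")   # stands in for the platform's token table
db.execute("CREATE TABLE auth_token (token_hash TEXT PRIMARY KEY, user_id INTEGER,"
           " kind TEXT, expires_at REAL, revoked INTEGER DEFAULT 0)")

def _hash(token):
    # Store only a digest so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def _issue(user_id, kind, ttl, now):
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO auth_token (token_hash, user_id, kind, expires_at)"
               " VALUES (?, ?, ?, ?)", (_hash(token), user_id, kind, now + ttl))
    return token

def login(user_id, now=None):
    """Issue an (access, refresh) pair once credentials were checked elsewhere."""
    now = time.time() if now is None else now
    return (_issue(user_id, "access", ACCESS_TTL, now),
            _issue(user_id, "refresh", REFRESH_TTL, now))

def require_auth(token, kind="access", now=None):
    """The check run at the top of each endpoint: returns user_id or raises."""
    now = time.time() if now is None else now
    row = db.execute("SELECT user_id, expires_at, revoked FROM auth_token"
                     " WHERE token_hash = ? AND kind = ?", (_hash(token), kind)).fetchone()
    if row is None or row[2] or row[1] <= now:
        raise PermissionError("invalid, expired or revoked token")
    return row[0]

def refresh(refresh_token, now=None):
    """Refresh endpoint: spend the refresh token once and return a new pair."""
    now = time.time() if now is None else now
    user_id = require_auth(refresh_token, kind="refresh", now=now)
    db.execute("UPDATE auth_token SET revoked = 1 WHERE token_hash = ?",
               (_hash(refresh_token),))
    return login(user_id, now)

def logout_everywhere(user_id):
    """Server-side revocation, which keeping tokens in a table makes possible."""
    db.execute("UPDATE auth_token SET revoked = 1 WHERE user_id = ?", (user_id,))
```

Because every request is checked against the table, a token can be revoked before it expires, at the cost of one lookup per call.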