Package eu.webtoolkit.jwt.auth

Class Token

java.lang.Object

eu.webtoolkit.jwt.auth.Token

public class Token
extends Object

An authentication token hash.

An authentication token is a surrogate for identification or authentication. When a random authentication token is generated, it is a good practice to hash it using a cryptographic hash function, and only save this hash in the session or database for later verification. This avoids that a compromised database would leak all the authentication tokens.

The token can be used for multiple purposes, denoted by the token's name in the browser. In both cases it is used for "remember-me" functionality. For regular authentication this is for the normal username/password combination login. For MFA authentication this is used in a similar fashion to remember the MFA verification. That means a User will not have to submit a TOTP code each time they log in. But only as often as the developer desires (managed by AuthService#setMfaTokenValidity()).

See Also:

• User.addAuthToken(Token token)
• User.setEmailToken(Token token, EmailTokenRole role)

Constructor Summary

Constructors

Constructor	Description
Token()	Default constructor.
Token(String hash, WDate expirationTime)

Method Summary

Modifier and Type	Method	Description
WDate	getExpirationTime()	Returns the expiration time.
String	getHash()	Returns the hash.
boolean	isEmpty()	Returns whether the token is empty.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Token

public Token()

Default constructor.

Creates an empty token.

Token

public Token(String hash,
 WDate expirationTime)

Method Details

isEmpty

public boolean isEmpty()

Returns whether the token is empty.

An empty token is default constructed.

getHash

public String getHash()

Returns the hash.

getExpirationTime

public WDate getExpirationTime()

Returns the expiration time.