# ktor
c
I don't understand how https://ktor.io/docs/jwt.html works: the given code (if I understand it correctly) checks that the client has a valid token (i.e. signed by the server), but there is nothing on how to send a token to the client. How can the client have a valid token if the server doesn't provide any way to generate it?
s
You need to generate it using a hashing algorithm. When the user logs in, validate the hashed version of the password against the one you have stored in the DB. If it's a match, then return it to the client in the response body of the login request.
c
Do you know if there is an example/open source code that does this? I don't really understand what it would look like.
s
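```kotlin
import io.ktor.util.hex
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

val hmacKey = SecretKeySpec("placeholder-key".toByteArray(), "HmacSHA1") // placeholder value; load the real key from configuration
fun hash(password: String): String {
    val hmac = Mac.getInstance("HmacSHA1") // JCA algorithm name for HMAC-SHA1
    hmac.init(hmacKey)
    return hex(hmac.doFinal(password.toByteArray(Charsets.UTF_8))) // hex-encoded MAC of the password
}
```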