What is the point of the payload in reset password API with JWT

I am trying to write an API that allows the user to reset their password via their email. I have been following https://www.smashingmagazine.com/2017/11/safe-password-resets-with-json-web-tokens/, but I am a bit confused. They are sending the email and user_id in the payload as JSON, but they never actually need this information. The only time they use the payload data is when they could easily retrieve the same data from another source. So what is the point in sending it?
http://dlvr.it/S0mXpY
