-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stale moduledoc for Token
regarding token secrecy
#5757
Comments
@ollien you are correct, can you please send a PR and ping me? I'd be glad to review it and merge it! |
Absolutely! I need to find some time (life is getting in the way this week), but it's on my list :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Environment
Actual behavior
The moduledoc for
Token
statesThis is definitely true of
Token.sign/4
, butToken.encrypt/4
seems to perform actual encryption (Phoenix Implementation, which invokes thePlug.Crypto
implementation). Doing some archeology, it looks like this snippet was written a few years before the implementation ofToken.encrypt/4
.Expected behavior
The docs should reflect current behavior of the module. Now, perhaps someone shouldn't send credit card numbers to the frontend, but it would seem that the implementation does provide secrecy. Please do let me know if I'm off-base, though, and there's some caveat about this crypto that I'm not seeing.
The text was updated successfully, but these errors were encountered: