user verification | Scrimba | Page 1

glacial ivy Oct 9, 2024, 3:07 PM

#

userId is a UUID,
verificationToken is being generated with crypto and the token will be valid for 15 min(verificationToken and token_expiration fields in database)

My question is which approach is better:
A) send both the userId and verificationToken in the url in email ex: https://host/verify-account/userId/verificationToken or https://host/verify-account/userId=userId&token=verificationToken
B) encrypt the userId and verificationToken with a secure method ex: secureMethod(`${userId}.${verificationToken}) and send this encrypted token in mail: https://host/verify-account/encrypted-token
then when the user clicks on the link the backend will read this encrypted token descypts it and perform a db operation(find the user and then compare the verificationToken with the db value.

runic hollow Oct 9, 2024, 4:07 PM

#

Hi @glacial ivy , from what i have seen in backend systems. Devs normally go with this https://host/verify-account/userId?token=verificationToken

glacial ivy Oct 9, 2024, 6:05 PM

#

runic hollow Hi <@487634859460657197> , from what i have seen in backend systems. Devs normal...

so option A?

runic hollow Oct 9, 2024, 6:29 PM

#

glacial ivy so option A?

Yes

#user verification