DEV Community

Discussion on: Authentication API with JWT access token and refresh token - NodeJS

Smitter

Thanks for pointing that out. Actually, in an early stage of the source code, the access token was being saved to the database on user sign up, and the authentication middleware would test for a match between the access token in the request header and the one in the DB.
The problem with this method is that it beats the logic of stateless authentication, where there should be no DB lookups in the authentication middleware. So I changed the source code to depict pure stateless authentication and forgot to change some parts of the article, like you have mentioned.

I shall update the article to conform 100% with what the source code on GitHub is doing, answering "the why" and "how".
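
As an added illustration of the stateless approach described in the comment above (not Smitter's code and not taken from the article's repository), here is a middleware that validates an HS256 access token from its signature and `exp` claim alone, with no database lookup. The function names and the Express-style `req`/`res`/`next` shape are assumptions.

```javascript
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Build a compact HS256 JWT; used here only to produce constructed sample tokens.
function signToken(payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${hmac(input, secret).toString('base64url')}`;
}

// Stateless check: signature and expiry only, using nothing but the secret.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8')); }
  catch { throw new Error('malformed token'); }
  // Pin the algorithm; never let the token header choose it (rejects "alg":"none").
  if (!header || header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Claims are parsed only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Express-style middleware: reads "Authorization: Bearer <token>", no DB lookup.
function requireAuth(secret) {
  return (req, res, next) => {
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    let claims;
    try {
      claims = verifyToken(m ? m[1] : '', secret);
    } catch (err) {
      return res.status(401).json({ error: err.message });
    }
    req.user = claims;
    return next();
  };
}
```

Because nothing is looked up, a token accepted by this check stays valid until its `exp` passes, so access-token lifetimes should be short and revocation handled where the refresh token is exchanged.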