How do you do tokens and permissions? #REST

Thanks for the replies. :slight_smile: In a previous topic, I was told not to use Guardian over Phoenix.Token when not encoding permissions into the token itself. Which gets me to a few questions: do you agree? In the case where I am storing the tokens manually and only need to sign and verify them (with a secret key), wouldn't Phoenix's approach just do fine? And in the case where I am checking against a database anyway whether a token is still valid, why would I need to encode a user id into the token, whilst I can just get which user it's linked to from the previous validating step? Thus, wouldn't securely generating a random string do the trick instead?

In both cases, signing and generating a random string, why Phoenix.Token and not Joken or any other library? How would you generate a random token, perhaps doing this or using a more dedicated library?

What are the pros and cons from a security perspective? In what way is a signed token safer compared to a random string?
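The two designs the post contrasts, side by side, as an added illustration that is not part of the thread and not Phoenix.Token, Joken or Guardian code. It is written in Python rather than Elixir so it runs with only the standard library; the token layout (base64 payload, dot, base64 HMAC-SHA256) mirrors the general shape of a signed token, the secret key and the numbers are constructed for the demo, and `OpaqueTokenStore` is a hypothetical stand-in for the database table the post mentions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo secret; a real deployment loads a random key from config.
SECRET = b"demo-secret-not-for-production"


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def sign_token(secret: bytes, data, now=None) -> str:
    """Stateless signed token: base64(payload).base64(HMAC-SHA256(payload)).
    The payload is readable by anyone holding the token; the MAC only proves
    it was issued by a holder of `secret` and has not been modified."""
    now = time.time() if now is None else now
    payload = json.dumps({"data": data, "iat": now}, separators=(",", ":")).encode()
    body = _b64e(payload)
    mac = hmac.new(secret, body, hashlib.sha256).digest()
    return (body + b"." + _b64e(mac)).decode()


def verify_token(secret: bytes, token: str, max_age: float, now=None):
    """Return the embedded data, or None if the MAC or the age check fails.
    No database is consulted: this is the whole advantage of a signed token."""
    now = time.time() if now is None else now
    parts = token.encode().split(b".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64e(hmac.new(secret, body, hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    try:
        payload = json.loads(_b64d(body))
    except ValueError:  # bad base64 or bad JSON (cannot happen once the MAC matched)
        return None
    if now - payload["iat"] > max_age:
        return None
    return payload["data"]


def tampered_copy(token: str, new_data) -> str:
    """Rewrite the payload but keep the old MAC, to show that verify_token rejects it."""
    body, sig = token.split(".")
    payload = json.loads(_b64d(body.encode()))
    payload["data"] = new_data
    return _b64e(json.dumps(payload, separators=(",", ":")).encode()).decode() + "." + sig


class OpaqueTokenStore:
    """Random 'opaque' token: 256 random bits that mean nothing by themselves,
    so every request is validated by a lookup (the 'random string' design).
    Rows are keyed by SHA-256 of the token so a copy of the table does not
    hand out live credentials. Hypothetical in-memory stand-in for a DB table."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, ttl: float, now=None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # CSPRNG-backed, 32 random bytes
        self._rows[self._key(token)] = (user_id, now + ttl)
        return token

    def lookup(self, token: str, now=None):
        """The validating step itself yields the user id; nothing needs encoding."""
        now = time.time() if now is None else now
        row = self._rows.get(self._key(token))
        if row is None:
            return None
        user_id, expires_at = row
        return None if now >= expires_at else user_id

    def revoke(self, token: str) -> None:
        """Immediate revocation is the thing the signed design cannot do without state."""
        self._rows.pop(self._key(token), None)
```

What the two halves show: a signed token lets the server accept or reject a request without touching storage and detects any change to the payload, but it stays valid until `max_age` expires unless the server keeps a revocation list, at which point it is doing the lookup anyway. A random token is only as good as its entropy and its storage (hash it at rest, compare or look it up by hash, never log it), and because the lookup already returns the owning user, encoding a user id into it adds nothing. Neither design is "safer" in the abstract; the signed one trades revocability for statelessness, the random one trades a lookup per request for simple, immediate invalidation.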