Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refresh and access token #25

Open
d0peCode opened this issue Jul 2, 2019 · 1 comment
Open

Refresh and access token #25

d0peCode opened this issue Jul 2, 2019 · 1 comment

Comments

@d0peCode
Copy link
Contributor

d0peCode commented Jul 2, 2019

@kasvith what do you think about implementing refresh token which would be stored in mongo and would be "refreshed" on every user call so we could write service which would check when last call was and not allow action if for example last call was few hours ago (expire access token)?
@kasvith
Copy link
Owner

kasvith commented Jul 2, 2019

For refresh tokens we could do something similar to I did in one of my side projects
Refer here and here

Usually, refresh tokens are once generated and never expires(at least lives for a very long time like a year).

Access tokens are short lived.

So in here, we can generate a refresh token for a user and store it(lets say we give an expiry option in config). It can be revoked by a revoke endpoint.

This would indeed be a nice feature which would let create cool applications.

Also we could create frontends based on different technologies and offer boilerplates for them using this :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kasvith @d0peCode