A demonstration of how to use refresh tokens using hapi.js
- Ensure you have nvm and REST Client installed
- Run `nvm use` and install the desired version
- Run `npm ci`
- Using the output of the following command (run it twice), add the below environment variables to your `.bashrc` or similar. Be sure to source your terminal afterwards:

  ```bash
  # command
  $ node -e "console.log(require('crypto').randomBytes(64).toString('hex'));"
  # variables
  export HAPI_LOGIN_ACCESS_TOKEN_SECRET="<first_output>"
  export HAPI_LOGIN_REFRESH_TOKEN_SECRET="<second_output>"
  ```
- Run `npm start`
Within `routes.http`, send a request to the `/login` endpoint. Enter a username when prompted. Within 5 seconds, send a request to `/greet`. Notice that after 5 seconds your access token will expire and must be refreshed. Send a request to `/refresh` to continue greeting the user. Now send a request to `/logout`. Attempt to refresh your access token and observe that with your refresh token now invalidated, you cannot request another access token without logging in again.
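The lifecycle walked through above, as an added sketch that is not this repository's code: it uses only Node's built-in `crypto` to sign HS256 tokens with two separate secrets. The in-memory allow-list, the function names and the generated secrets are assumptions made for illustration; the page does not say how the demo invalidates refresh tokens.

```javascript
const crypto = require('node:crypto');

// Constructed secrets; the demo reads its own from the HAPI_LOGIN_*_SECRET variables.
const ACCESS_SECRET = crypto.randomBytes(64).toString('hex');
const REFRESH_SECRET = crypto.randomBytes(64).toString('hex');
const ACCESS_TTL_S = 5;                 // access tokens expire after 5 seconds
const activeRefreshTokens = new Set();  // hypothetical server-side allow-list

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

function sign(claims, secret) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}`;
  return `${body}.${mac(body, secret).toString('base64url')}`;
}

// Returns the claims, or null if the signature is wrong or the token has expired.
function verify(token, secret, nowS) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return claims.exp !== undefined && nowS >= claims.exp ? null : claims;
}

function login(username, nowS) {
  const refreshToken = sign({ sub: username, jti: crypto.randomUUID() }, REFRESH_SECRET);
  activeRefreshTokens.add(refreshToken);
  return { accessToken: sign({ sub: username, exp: nowS + ACCESS_TTL_S }, ACCESS_SECRET), refreshToken };
}

function greet(accessToken, nowS) {
  const claims = verify(accessToken, ACCESS_SECRET, nowS);
  return claims ? `Hello, ${claims.sub}` : null;
}

// A refresh token must be correctly signed AND still on the allow-list.
function refresh(refreshToken, nowS) {
  const claims = verify(refreshToken, REFRESH_SECRET, nowS);
  if (!claims || !activeRefreshTokens.has(refreshToken)) return null;
  return sign({ sub: claims.sub, exp: nowS + ACCESS_TTL_S }, ACCESS_SECRET);
}

const logout = (refreshToken) => activeRefreshTokens.delete(refreshToken);
```

Because the two token types are signed with different secrets, a refresh token presented to `greet` fails verification, and a signature-valid refresh token is still rejected once `logout` has removed it from the allow-list.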