Overhaul refresh token property #3

Merged
merged 6 commits into from
Jul 22, 2022

pilcrowOnPaper
Member

Now saves an encrypted version of the refresh token inside cookies instead of the refresh token. Also rotates refresh tokens for added security.

Jul. 21, 2022

  • [Breaking] Lucia saves encrypted_refresh_token instead of refresh_token
  • [Breaking] authenticateUser() and createUser() return a different object
  • [Breaking] Lucia requires env config
  • [Breaking] fingerprint cookie is renamed to fingerprint_token
  • [Breaking] Refresh tokens are re-issued when access tokens are refreshed and the old token is invalidated.
  • [Breaking] autoRefreshAccessToken and refreshAccessToken (client) are replaced by autoRefreshTokens and refreshTokens respectively
  • [Breaking] All refresh tokens prior to this update are invalid
  • [Breaking] types LuciaUser and LuciaSvelteKitSession are renamed to User and SvelteKitSession
  • [Breaking] refreshAccessToken (server) is replaced by refreshTokens
  • All refresh tokens belonging to a user will be invalidated if a token refresh is attempted using a previous refresh token
  • Refresh tokens and fingerprint tokens are now stored for 1 year instead of 5
  • All cookies are deleted if an invalid refresh token or fingerprint token is passed
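
The rotation and reuse-detection behaviour listed above, sketched as an added example that is not Lucia's code or part of this pull request. The in-memory Map stands in for a database, and the names issueRefreshToken, revokeAllForUser, the reason strings and the clearCookies flag are assumptions made for illustration; only refreshTokens borrows its name from the description.

```javascript
// Added illustration, not Lucia's implementation.
// Web Crypto is global in browsers and Node 19+; older Node falls back to node:crypto.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Hypothetical store: refresh token -> { userId, active }. A real service would
// persist this server-side and would normally store a hash of the token.
const tokens = new Map();

function newToken() {
  const bytes = rng.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function issueRefreshToken(userId) {
  const token = newToken();
  tokens.set(token, { userId, active: true });
  return token;
}

function revokeAllForUser(userId) {
  for (const record of tokens.values()) {
    if (record.userId === userId) record.active = false;
  }
}

// Rotates the presented refresh token.
// Returns { ok: true, refreshToken } or { ok: false, reason, clearCookies: true }.
function refreshTokens(presented) {
  const record = tokens.get(presented);
  if (!record) {
    // Never issued: tell the caller to delete the session cookies.
    return { ok: false, reason: "unknown_token", clearCookies: true };
  }
  if (!record.active) {
    // An already-rotated token was presented again. Either the legitimate client
    // or someone holding a stolen copy is replaying it, so every refresh token
    // belonging to that user is invalidated.
    revokeAllForUser(record.userId);
    return { ok: false, reason: "reuse_detected", clearCookies: true };
  }
  // Normal path: the old token is single-use, a new one replaces it.
  record.active = false;
  return { ok: true, refreshToken: issueRefreshToken(record.userId) };
}
```

Keeping rotated tokens in the store as inactive records, rather than deleting them, is what lets a replay be told apart from a token that was never issued.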

@vercel

vercel bot commented Jul 22, 2022

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
lucia-sveltekit ✅ Ready (Inspect) Visit Preview Jul 22, 2022 at 5:41AM (UTC)

@pilcrowOnPaper pilcrowOnPaper changed the title Overhual refresh token property Overhaul refresh token property Jul 22, 2022
@pilcrowOnPaper pilcrowOnPaper merged commit b3eb2ed into main Jul 22, 2022
@pilcrowOnPaper pilcrowOnPaper deleted the overhual-refresh-token-property branch July 22, 2022 05:41