Enable re-issue of JWT tokens with refreshTokens #53

heysailor · 2018-04-13T17:06:11Z

No description provided.

heysailor · 2018-04-13T17:07:53Z

Allows improving JWT security as discussed in #52

heysailor · 2018-04-14T17:51:58Z

Handles the re-issue of expiring JWT tokens - helps fix #52

Adds:

GET auth/refresh which is called with valid JWT as an Authorization Bearer token, as is usual practice, produces a refreshToken for that user
POST auth/refresh which is called with a valid refreshToken in the request body, produces a new JWT token for that user
onRefreshRequest handler which allows block of the refresh request, ie blacklist checking
refreshTokenExpiry which sets the validity of the refreshToken.

nickredmark · 2018-04-23T10:27:50Z

Awesome thanks!

Enable expiration of JWT token

1b09f7f

Handle issue and use of refreshTokens with standard token headers

b4ae64b

heysailor changed the title ~~Enable expiration of JWT token~~ Enable re-issue of JWT tokens with refreshTokens Apr 14, 2018

heysailor added 2 commits April 14, 2018 19:00

Refresh tokens should work when JWT expired.

950225f

Add post-backend access handler

e6fa2e4

nickredmark merged commit ea1076c into nickredmark:master Apr 23, 2018

nickredmark added this to Backlog in Ooth Jun 1, 2018

nickredmark moved this from Backlog to Prioritized in Ooth Jun 1, 2018

nickredmark moved this from Prioritized to Doing in Ooth Jun 1, 2018

nickredmark moved this from Doing to Done June 2018 in Ooth Jun 1, 2018

Provide feedback