You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello.I have recently started studying Paseto.As a person coming from a JWT background I am used to the refresh token idea(when my JWT expires I get a new one by providing a special key)
Now as an alternative for JWT authentication paseto provides the public purpose tokens.Now my question is this. When a token expires what should I do ? Is there any way to refresh that token or do I need to prompt the user to enter their login credentials so I can sign a new token?
The text was updated successfully, but these errors were encountered:
Your question is from an OAuth2 background, not a JWT background.
JWT doesn't have a concept of request/access tokens. Other standards do. Those standards just so happen to use JWT as a means of encoding these tokens.
You can use a PASETO for the same purpose, yes.
The plan is, after the XChaCha20 RFC passes, to focus on formalizing PASETO as an IETF RFC and then get it into OpenID Connect as a JWT alternative.
kounelios13
changed the title
Is there a refresh token concept for public person
Is there a refresh token concept for public purpose
Aug 25, 2019
Hello.I have recently started studying Paseto.As a person coming from a JWT background I am used to the refresh token idea(when my JWT expires I get a new one by providing a special key)
Now as an alternative for JWT authentication paseto provides the
public
purpose tokens.Now my question is this. When a token expires what should I do ? Is there any way to refresh that token or do I need to prompt the user to enter their login credentials so I can sign a new token?The text was updated successfully, but these errors were encountered: