Proposal Guardian Refresh Tokens #111
Comments
Hey @Hanspagh. Guardian provides a refresh! function. Check out Guardian.refresh!
Yes, I know, but that only allows us to make a new token from a valid existing one. The feature I am requesting is to create a new token without having a valid token, but from a refresh token. Like described here https://auth0.com/docs/refresh-token
Refresh tokens are tricky. There's a couple of ways to do them that spring to mind.
I'd be down for adding an exchange function I think. It's been on my todo list for a while, I just haven't had the motivation to actually write it. Thoughts?
My first thought was to implement it like you described in 1. and then add it as a dependency like GuardianDb. But 2. seems to integrate much better into the existing code, and being able to reuse GuardianDb instead of writing a db integration again seems to be a big win.
When you say it should not go in the Guardian lib, do you then mean it should be a lib like GuardianDb or should it be part of the core?
I think it should be a separate lib like guardian db
Awesome, will start working on something
Sounds great. I'd love to see it when you have something.
I made a VERY simple initial commit on the Refresh Token project, and I thought you might want to take a quick look at it, just to see if I am on the right track.
Has there been any progress on providing a solution for refresh tokens, or at least a recommended way of doing it yourself?
We are currently working on it.
Later you can verify that a token is a 'refresh token' and issue a shorter living access token. Hope this helps
A common use case for many APIs that are consumed by mobile apps is to get a new token without re-authenticating, to avoid continuously prompting users with login screens. This is most commonly done with refresh tokens. Would it be an idea to make a project similar to GuardianDb to implement this behavior?
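
The exchange suggested in the comments above (mark a token as a refresh token, later verify that type and issue a shorter-lived access token), as an added example that is not part of the thread and is not Guardian's code. It uses Python's standard library with HS256-signed JWTs; the function names, the secret, the lifetimes and the use of a `typ` claim for the token type are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; load a real key from config
ACCESS_TTL = 15 * 60                  # assumed lifetimes, not from the thread
REFRESH_TTL = 30 * 24 * 3600

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub, typ, ttl, now=None):
    """Sign a JWT whose "typ" claim marks it as "access" or "refresh"."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "typ": typ, "iat": now, "exp": now + ttl}).encode())
    body = f"{header}.{claims}"
    return f"{body}.{_b64(_sign(body))}"

def verify(token, expected_typ, now=None):
    """Return the claims only if signature, expiry and token type all check out."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{claims}"), _unb64(sig)):
            raise ValueError("bad signature")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        data = json.loads(_unb64(claims))
    except (ValueError, AttributeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    if data["exp"] <= now:
        raise ValueError("token expired")
    if data["typ"] != expected_typ:  # an access token must never mint new tokens
        raise ValueError(f"expected {expected_typ} token, got {data['typ']}")
    return data

def exchange(refresh_token, now=None):
    """Trade a valid refresh token for a short-lived access token."""
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["sub"], "access", ACCESS_TTL, now)
```

The check is stateless, so a leaked refresh token stays usable until it expires; revoking one needs server-side token tracking of the kind the thread proposes reusing GuardianDb for.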