ngx-http-auth-jwt-module

Refresh token

Open fitzyjoe opened this issue 7 years ago • 0 comments

I would like to support shorter life for tokens. Typically, this is done with 2 tokens: a refresh token that is used to obtain a short-lived bearer token. However, I'd like to keep it simple for my partner apps that are under the umbrella of this single sign-on.

I'm considering adding a feature to issue a new token as a Set-Cookie for requests that

  • contain a valid token
  • contain a token that is older than some short period (like a minute - to prevent issuing on every request)
  • contain an authenticated-on JWT claim that has happened within a period (like a day - to prevent chaining these tokens forever)

fitzyjoe • Feb 06 '18 23:02
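
The three conditions in the post, written as a stand-alone decision function (an added example, not code from the issue or from ngx-http-auth-jwt-module). The struct and field names are hypothetical, the token's signature is assumed to be verified by the caller, and carrying `auth_on` forward unchanged into the re-issued token is an assumption about how the chaining limit would be enforced.

```c
#include <stdbool.h>
#include <time.h>

/* Claims the check needs, taken from a signature-verified token.
 * Field names are hypothetical; -1 marks a claim that was absent. */
typedef struct {
    time_t iat;      /* when this particular token was issued */
    time_t exp;      /* when this particular token expires */
    time_t auth_on;  /* the post's "authenticated-on" claim: the real login time */
} jwt_claims_t;

typedef struct {
    time_t min_token_age;  /* e.g. 60: do not re-issue on every request */
    time_t max_auth_age;   /* e.g. 86400: stop chaining after this long */
    time_t token_lifetime; /* lifetime of each re-issued token */
    time_t clock_skew;     /* tolerated clock difference for iat */
} refresh_policy_t;

/* Returns true and fills *out when a replacement token should be sent
 * as Set-Cookie; returns false when the request keeps its current token. */
bool should_reissue(const jwt_claims_t *in, const refresh_policy_t *p,
                    time_t now, jwt_claims_t *out)
{
    /* Condition 1: a valid token (all claims present, not expired). */
    if (in->iat < 0 || in->exp < 0 || in->auth_on < 0) return false;
    if (now >= in->exp) return false;
    /* Reject an iat from the future and a login later than the token. */
    if (in->iat > now + p->clock_skew || in->auth_on > in->iat) return false;

    /* Condition 2: the token is older than the short period. */
    if (now - in->iat < p->min_token_age) return false;

    /* Condition 3: the original login is still inside the window. */
    time_t auth_deadline = in->auth_on + p->max_auth_age;
    if (now >= auth_deadline) return false;

    out->iat = now;
    out->auth_on = in->auth_on;  /* carried forward, never reset to now */
    out->exp = now + p->token_lifetime;
    if (out->exp > auth_deadline) out->exp = auth_deadline; /* cap at window end */
    return true;
}
```

Capping `exp` at the end of the login window keeps the last token in a chain from outliving the period the third condition is meant to enforce.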