server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon hashtopolis

[FEATURE]: Frontend access and refresh token

Open cv5ch opened this issue 4 months ago • 0 comments

Description

Handle access and refresh token in the frontend once implemented by the server:

  • auth/token endpoint now returns access and refresh token: Consider how to store them (e.g. access token only in memory and refresh token in HTTPOnly Cookie)
  • Attach access token to resource requests and refresh token to auth/refresh requests.
  • Refresh the access token if it is about to expire or expired by calling auth/refresh with the attached refresh token and save new refresh token.
  • Add functionality to revoke refresh tokens of users by an admin
  • Optionally if server implements it: Make lifetime of tokens configurable by admins maybe in a certain range

Needs #1526

cv5ch avatar Aug 22 '25 09:08 cv5ch