Henrik Wirth

@jasonbahl Not sure what you mean with User secrets, but as of my understanding a refresh token should be this secret, which is associated with the user and it should...

Hi @ricksteruk, so for the expiry time you can just use the token itself. It always is encoded in the JWT. I use [jwt-decode](https://github.com/auth0/jwt-decode#readme) for it. Then if you want...

@ricksteruk you might also need to use the CORS plugin (https://github.com/funkhaus/wp-graphql-cors) and enter your frontend domain. Don't activate the login mutation though.

You can't see them in Gatsby, since this is something dynamic and not static. You have to use something like Apollo Client to make the GraphQL connection. Then you just...

Maybe this would rather make sense as a boolean filter in the registration/login mutation?

Thanks for clarifying. For invalidating the Refresh Tokens/ changing user_secret: Is there a mutation for it? So the user can do something like **Logout of all clients**?

@jasonbahl Okay so i just tried the `refreshUserSecret` and it works to create a new User Secret, but the old Auth Tokens still works. I can use the old Auth...

Hi @kepi0809 I'm wondering how present this issue is, as I'm trying to clean up all the issues in this repo to manage priorities?

I just added `$auth_token_is_stateful`, so we can decide on one point in the code, if the auth_token is stateful or not. Then we only need a way for the user...

Same Problem here: ```const options = { minify: false, use: ['postcss-pxtorem', 'postcss-mixins', 'postcss-nested', 'postcss-for', 'postcss-calc'], stylelint: lint, autoprefixer: { browsers: ['ie >= 10', 'ie_mob >= 10', 'ff >= 30', 'chrome...