Michael Babker
I'll go through this at some point in the next few days. FWIW my idea if I ever found time was to build this out as a functional template using...
It isn't my aim to create a fully functional template with all the features of Bootstrap 3 represented. Building a template based on Bootstrap's starter implies also building out layouts...
Nah, that's just bad wording. As long as the refresh token is valid then you're good; on a successful refresh, the refresh endpoint generates a new JWT.
An expired JWT can’t be considered valid in the same way an expired session can’t be resumed. Very loosely, the refresh token can be compared to a remember me cookie;...
> I have indeed doubts about the security of this system...

If your database leaks, the refresh token values being stored in plaintext is the least of your concerns. While...
> I would have thought that asking, in addition to the refresh token, at least a correctly signed JWT token, even expired, containing the username, would be a much better...
If I'm being totally honest, I would not feel comfortable merging this implementation into any of my apps. This isn't to say the implementation is flawed, but IMO coupling the...
Setting the `user_identity_field` config has no practical use anymore; in fact, that config node is deprecated. As for changing the column name (or database schema in general), keep an eye...
The 1.1 release should have fixed this.
You have two options: 1) Sort it so that the authenticators are (in order) `json_login`, `refresh_jwt`, `jwt`; at runtime, the order they're executed in is based on the order they're...