Implement Refresh Token Mechanism for Persistent Sessions #28

Closed
opened 2025-10-17 23:16:45 +00:00 by Rodrigo2003-PT · 0 comments
Rodrigo2003-PT commented 2025-10-17 23:16:45 +00:00 (Migrated from github.com)

Allows us to keep access_tokens short-lived (e.g., 15 minutes) while allowing users to maintain a persistent session (e.g., 7 days) without re-entering their credentials. This flow involves issuing a long-lived, single-use refresh_token that is stored securely in the database (hashed) and can be exchanged for a new, short-lived access_token.

Allows us to keep `access_tokens` short-lived (e.g., 15 minutes) while allowing users to maintain a persistent session (e.g., 7 days) without re-entering their credentials. This flow involves issuing a long-lived, single-use `refresh_token` that is stored securely in the database (hashed) and can be exchanged for a new, short-lived `access_token`.
Sign in to join this conversation.
No description provided.