Update Token Service to Manage Refresh Tokens #30

Closed
opened 2025-10-17 23:22:55 +00:00 by Rodrigo2003-PT · 0 comments
Rodrigo2003-PT commented 2025-10-17 23:22:55 +00:00 (Migrated from github.com)

The token_service.py must be expanded to handle the lifecycle of refresh tokens.
Tasks:

  • Implement generate_refresh_token(user_id):
    • Generates a cryptographically secure string (e.g., secrets.token_urlsafe(64)).
    • Hashes the token using password_service.hash_password.
    • Stores the token_hash in the new refresh_tokens table.
    • Returns the plaintext token (to be sent to the client once).
  • Implement validate_refresh_token(plaintext_token):
    • Finds the token by hashing the input and searching for the token_hash.
    • Raises an exception if the token is not found, expired, or revoked.
The `token_service.py` must be expanded to handle the lifecycle of refresh tokens. Tasks: - Implement `generate_refresh_token(user_id)`: - Generates a cryptographically secure string (e.g., `secrets.token_urlsafe(64)`). - Hashes the token using `password_service.hash_password`. - Stores the `token_hash` in the new `refresh_tokens` table. - Returns the *plaintext* token (to be sent to the client once). - Implement `validate_refresh_token(plaintext_token)`: - Finds the token by hashing the input and searching for the `token_hash`. - Raises an exception if the token is not found, expired, or revoked.
Sign in to join this conversation.
No description provided.