Implement Refresh Token Mechanism for Persistent Sessions #160
No reviewers
Labels
No labels
CI/CD
MongoDB
PostgreSQL
api
authentication
bug
documentation
duplicate
enhancement
example issue
fix
good first issue
help wanted
high-level requirement
infrastructure
invalid
low-level requirement
medium-level requirement
question
security
test
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
AndreFerreira5/starranja!160
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "implement_refresh_token"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Allows us to keep access_tokens short-lived while allowing users to maintain a persistent session without re-entering their credentials. This flow involves issuing a long-lived, single-use refresh_token that is stored securely in the database (hashed) and can be exchanged for a new, short-lived access_token.
closes #28
The code looks consistent and well aligned with the fundamental operation requested in the parent issue:
" Implement Refresh Token Mechanism for Persistent Sessions #160 "