Refresh Token without credentials #148

Open
rafalwawrzyk opened this issue Jan 20, 2022 · 1 comment
Comments

@rafalwawrzyk

I have a question about the jwtRefreshToken. Is it possible to refresh this token if it is close to expiring, without a mutation with credentials? Passing credentials is always a security issue, and I think, if we have generated a single refresh token, why can't we make another mutation with the previous refreshToken, as we have a similar query with authToken?

@ojohnny

ojohnny commented Mar 26, 2022

jwtRefreshToken is automatically refreshed on every request and returned in the header x-jwt-refresh, so it is possible to write the appropriate networking middleware to automatically handle this (if your tech stack of choice allows it, of course).

But perhaps an explicit endpoint for this would be good as well? We already have refreshJwtAuthToken, so a refreshJwtRefreshToken might not be a bad idea.
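
The middleware approach described in the comment above, as an added example that is not part of the original thread or the project's own code: a fetch wrapper that picks up the rotated refresh token from the `x-jwt-refresh` response header after each request. The endpoint URL, the Bearer `Authorization` header, and the names `createTokenStore`, `captureRefreshToken` and `createGraphqlClient` are assumptions.

```javascript
const REFRESH_HEADER = 'x-jwt-refresh'; // header name taken from the comment above

// Hypothetical in-memory store: tokens never touch localStorage or cookies,
// so they do not outlive the page and are not readable from persistent storage.
function createTokenStore(authToken, refreshToken) {
  let state = { authToken, refreshToken };
  return {
    get: () => ({ ...state }),
    setRefreshToken: (token) => { state = { ...state, refreshToken: token }; },
  };
}

// Reads the rotated refresh token from a response.
// Returns true only when the store was actually updated.
function captureRefreshToken(response, store) {
  const rotated = (response.headers.get(REFRESH_HEADER) || '').trim();
  if (rotated === '') return false;                         // header absent or empty
  if (rotated === store.get().refreshToken) return false;   // nothing new
  store.setRefreshToken(rotated);
  return true;
}

// The client is bound to a single endpoint, so the token is never attached
// to a request for any other URL.
function createGraphqlClient(endpoint, store, fetchImpl = fetch) {
  return async function graphql(query, variables = {}) {
    const response = await fetchImpl(endpoint, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        // Assumption: the auth token is sent as a Bearer token.
        Authorization: `Bearer ${store.get().authToken}`,
      },
      body: JSON.stringify({ query, variables }),
    });
    captureRefreshToken(response, store); // keep the newest refresh token
    return response.json();
  };
}
```

The stored refresh token can then be passed to the existing `refreshJwtAuthToken` mutation when the auth token expires, without sending credentials again.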
