danielblagy/budget-app

implement v1/access/refresh

danielblagy opened this issue · 2 comments

  1. validate refresh token
  2. blacklist access & refresh tokens (put them in persistent redis store with expiration)
  3. issue new access & refresh tokens

Blocked by #32

the logic on client side would be: decode access token, check expiration, if it expired, try to refresh tokens by calling v1/access/refresh

FOR QA:

Implemented POST v1/access/refresh for refreshing jwt tokens:

1. checks the validity of a refresh token (including the blacklist check)
2. adds current access & refresh token pair to the blacklist
3. issues new access & refresh token pair
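
The three steps above as a runnable sketch, added here as an example and not taken from the budget-app code base. It assumes HS256 tokens built with the standard library, `typ` and `jti` claims, and an in-memory dict standing in for the Redis blacklist; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"               # assumption: HS256, shared secret
ACCESS_TTL, REFRESH_TTL = 900, 7 * 24 * 3600   # assumed lifetimes in seconds
blacklist = {}  # jti -> exp; stands in for a Redis key written with an expiry

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(sub, typ, ttl, now):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "typ": typ, "jti": secrets.token_hex(16), "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def is_blacklisted(jti, now):
    if blacklist.get(jti, 0) <= now:
        blacklist.pop(jti, None)  # emulate Redis dropping the expired key
        return False
    return True

def verify(token, typ, now, allow_expired=False):
    """Return the claims if signature, type, blacklist and expiry checks pass."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(header + "." + body), sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    if claims.get("typ") != typ or is_blacklisted(claims.get("jti"), now):
        return None
    return claims if allow_expired or claims.get("exp", 0) > now else None

def refresh(access, refresh_token, now=None):
    """Steps 1-3 of the issue: validate, blacklist the old pair, issue a new one."""
    now = int(time.time()) if now is None else now
    old_refresh = verify(refresh_token, "refresh", now)
    # The access token is normally expired by now, so its expiry is not enforced.
    old_access = verify(access, "access", now, allow_expired=True)
    if not old_refresh or not old_access or old_access["sub"] != old_refresh["sub"]:
        return None
    for claims in (old_access, old_refresh):
        if claims["exp"] > now:  # an already expired token needs no entry
            blacklist[claims["jti"]] = claims["exp"]
    sub = old_refresh["sub"]
    return issue(sub, "access", ACCESS_TTL, now), issue(sub, "refresh", REFRESH_TTL, now)
```

Storing each entry only until the token's own `exp` keeps the blacklist bounded, which is what the Redis expiration in step 2 provides.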