You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a system, a refresh token is required so that the user does have to re-authenticate when their JWT token expires.
The current JWT token has an expiration time of 30 minutes which forces the user to re-authenticate. It is frustrating to fill out a vulnerability form only to receive a HTTP 401 message because the token expired.
I prefer to keep the JWT tokens stateless.
Acceptance criteria
Implement a second refresh token which is created on authentication.
The refresh token should have a longer expiry date than the current auth token.
The refresh token should be stored along side the auth token in local storage.
The HTTP interceptor should be modified to handle the expiration of a token.
A refresh API token should be implemented that will seamlessly create new tokens and return to the client
The HTTP interceptor should seamlessly store these tokens in local storage
The text was updated successfully, but these errors were encountered:
Once an auth token expires, the refresh API is called and new tokens are created and stored in local
storage. After the tokens are stored, the original request is resent with the new auth token to
complete the transaction seemlessly
feat #5
As a system, a refresh token is required so that the user does have to re-authenticate when their JWT token expires.
The current JWT token has an expiration time of 30 minutes which forces the user to re-authenticate. It is frustrating to fill out a vulnerability form only to receive a HTTP 401 message because the token expired.
I prefer to keep the JWT tokens stateless.
Acceptance criteria
The text was updated successfully, but these errors were encountered: