Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Refresh Token #5

Closed
alejandrosaenz117 opened this issue May 9, 2020 · 0 comments
Closed

Implement Refresh Token #5

alejandrosaenz117 opened this issue May 9, 2020 · 0 comments
Assignees
@alejandrosaenz117
Labels
enhancement New feature or request
Milestone
Q2 Goals

Comments

@alejandrosaenz117
Copy link
Collaborator

As a system, a refresh token is required so that the user does have to re-authenticate when their JWT token expires.

The current JWT token has an expiration time of 30 minutes which forces the user to re-authenticate. It is frustrating to fill out a vulnerability form only to receive a HTTP 401 message because the token expired.

I prefer to keep the JWT tokens stateless.

Acceptance criteria

  1. Implement a second refresh token which is created on authentication.
  2. The refresh token should have a longer expiry date than the current auth token.
  3. The refresh token should be stored along side the auth token in local storage.
  4. The HTTP interceptor should be modified to handle the expiration of a token.
  5. A refresh API token should be implemented that will seamlessly create new tokens and return to the client
  6. The HTTP interceptor should seamlessly store these tokens in local storage
@alejandrosaenz117 alejandrosaenz117 added the enhancement New feature or request label May 9, 2020
@alejandrosaenz117 alejandrosaenz117 added this to the Q2 Release milestone May 9, 2020
@alejandrosaenz117 alejandrosaenz117 self-assigned this May 17, 2020
alejandrosaenz117 added a commit that referenced this issue May 17, 2020
@alejandrosaenz117
feat: implemented Refresh Token
21522ac 
Implemented reresh token to refresh session when auth token expires.

BREAKING CHANGE: Update to the login API and jwt middleware

feat #5
alejandrosaenz117 added a commit that referenced this issue May 18, 2020
@alejandrosaenz117
feat(app interceptor): original request now is sent after refresh
5072fce 
Once an auth token expires, the refresh API is called and new tokens are created and stored in local
storage.  After the tokens are stored, the original request is resent with the new auth token to
complete the transaction seemlessly

feat #5
alejandrosaenz117 added a commit that referenced this issue May 18, 2020
@alejandrosaenz117
refactor(login.component): remove console.log. Used auth service func
30eae04 
Removed console log from the onSubmit function.  Replaced code to store tokens in local storage to
use the authService storeToken function.

re #5
@alejandrosaenz117 alejandrosaenz117 mentioned this issue May 18, 2020
Merged
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alejandrosaenz117 alejandrosaenz117

Labels
enhancement New feature or request
Projects
None yet
Milestone
Q2 Goals
Development

No branches or pull requests
1 participant
@alejandrosaenz117