Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Advance refresh token #48

Open
5 tasks
asad-mlbd opened this issue Nov 24, 2020 · 0 comments
Open
5 tasks

Advance refresh token #48

asad-mlbd opened this issue Nov 24, 2020 · 0 comments
Assignees
@asad-mlbd
Labels
enhancement New feature or request

Comments

@asad-mlbd
Copy link
Contributor

asad-mlbd commented Nov 24, 2020
edited
Loading

Currently, the refresh token feature is implemented in a simple stateless way. Here are some of advanced features we have to discuss for further enhancement.

  • User entity can have isActive flag so that we can sometimes block a user to generate new auth token thru refresh token or log in.
  • Currently refresh token is stateLess (not saving it in DB). We can make some module configuration to save refreshToken in DB.
  • For stateful we can have configuration value to decide whether to keep multiple refreshToken alive for same user at a time.
  • Optionally we can save device id to keep track of devices logged in.
  • For stateful refresh token, we have to write logout API, and optional parameter top logout from all device.
Authmodule.forRoot({
   stateLessTokenRefresh: true, // will not save, or check refresh token validity in db
   supportMultiDeviceLogin: true, // will store multiple refresh token for one user
})
@asad-mlbd asad-mlbd added the enhancement New feature or request label Nov 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@asad-mlbd asad-mlbd

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@asad-mlbd