We have created a server with JWT authentication and we wanted the tokens to expire after a time. In order not to force the user to authenticate again every time the token expires, we implemented a resource to refresh this token automatically. Now we have a security doubt. What if someone takes your refresh token? How have you solved this problem? We are thinking about manual refresh token rejection by admins, but we are not sure about this solution. What do you think?
We wrote some notes about this: https://solidgeargroup.com/refresh-token-with-jwt-authentication-node-js
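
The manual rejection the post considers requires the server to keep a record of every refresh token it issues. The store below is an added example, not part of the original post or the linked notes. The class and method names, the seven-day lifetime and the rotate-on-use step (which goes beyond the admin rejection described) are assumptions.

```javascript
// Added example: server-side refresh-token store with admin revocation and rotation.
const { randomBytes, createHash } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

class RefreshTokenStore {
  constructor(ttlMs = 7 * 24 * 3600 * 1000) { // assumed lifetime: 7 days
    this.ttlMs = ttlMs;
    this.records = new Map(); // sha256(token) -> { userId, expiresAt, used, revoked }
  }

  // Issue an opaque random token; only its hash is kept server-side.
  issue(userId, now = Date.now()) {
    const token = randomBytes(32).toString('hex');
    this.records.set(sha256(token),
      { userId, expiresAt: now + this.ttlMs, used: false, revoked: false });
    return token;
  }

  // Admin action from the post: reject every refresh token of one user.
  revokeUser(userId) {
    let count = 0;
    for (const rec of this.records.values()) {
      if (rec.userId === userId && !rec.revoked) { rec.revoked = true; count++; }
    }
    return count;
  }

  // Exchange a refresh token for a new one (the caller then signs a fresh JWT).
  redeem(token, now = Date.now()) {
    const rec = this.records.get(sha256(token));
    if (!rec) return { ok: false, reason: 'unknown' };
    if (rec.revoked) return { ok: false, reason: 'revoked' };
    if (now >= rec.expiresAt) return { ok: false, reason: 'expired' };
    if (rec.used) {
      // A token presented twice means two parties hold it: revoke the user's tokens.
      this.revokeUser(rec.userId);
      return { ok: false, reason: 'reused' };
    }
    rec.used = true;
    return { ok: true, userId: rec.userId, refreshToken: this.issue(rec.userId, now) };
  }
}
```

Because each refresh token is single-use, a copy presented after the legitimate client has already refreshed is rejected as `reused`, and the user's remaining tokens are revoked without waiting for an admin.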
