#75 introduces a simple refresh token mechanism. This can be improved upon.
Feature
The simple version (#75) reissues the access JWT based on the refresh JWT as-is (except for the validity window starting anew). But it does not revalidate with the auth backend that the information is still accurate (e.g. against LDAP: whether the user is still there, whether they still have the same groups, etc.).
Proposed Solution [Optional]
Solution Ideas:
Implement a user info reload mechanism and use it when refreshing the access JWT, e.g. for LDAP an AD service user and a user information retrieval layer must be added to check that no change has happened in the meantime.
Some other ideas, based on https://www.geeksforgeeks.org/jwt-authentication-with-refresh-tokens/: considerations around the refresh token being regenerated each time and not being reused?
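A sketch of the refresh handler the two ideas above describe (reload user info from the backend before reissuing, and rotate the refresh token so it cannot be reused), as an added example that is not part of this issue or the project's code. It assumes a minimal HS256 JWT encoder, an in-memory dict standing in for the LDAP/AD lookup layer, and an in-memory set of live refresh token ids; all values are constructed.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-example-secret"  # placeholder, not a real key
DIRECTORY = {"alice": {"groups": ["dev", "admin"]}, "bob": {"groups": ["dev"]}}  # stand-in for LDAP/AD
ACTIVE_REFRESH_JTIS = set()  # refresh tokens that have not been used yet (single use)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(claims):
    # Minimal HS256 JWT, enough to demonstrate the flow (not a full library).
    parts = [_b64(json.dumps(p, separators=(",", ":")).encode()) for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts).encode()
    return ".".join(parts + [_b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())])

def decode(token):
    head, body, sig = token.split(".")
    expected = _b64(hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    return claims

def reload_user(username):
    # User information retrieval layer: re-read the backend instead of trusting old claims.
    entry = DIRECTORY.get(username)
    return None if entry is None else {"sub": username, "groups": sorted(entry["groups"])}

def issue_tokens(user, now=None):
    now = now or time.time()
    jti = secrets.token_hex(8)
    ACTIVE_REFRESH_JTIS.add(jti)
    base = {"sub": user["sub"], "groups": user["groups"]}
    access = encode({**base, "typ": "access", "exp": now + 900})
    refresh = encode({**base, "typ": "refresh", "jti": jti, "exp": now + 86400})
    return access, refresh

def refresh_access(refresh_token):
    # Reissue only after the backend confirms the user still exists; groups come from the backend.
    claims = decode(refresh_token)
    if claims.get("typ") != "refresh":
        raise ValueError("not a refresh token")
    if claims.get("jti") not in ACTIVE_REFRESH_JTIS:
        raise ValueError("refresh token already used or revoked")
    ACTIVE_REFRESH_JTIS.discard(claims["jti"])  # rotate: the presented refresh token is now dead
    current = reload_user(claims["sub"])
    if current is None:
        raise ValueError("user no longer present in the directory")
    return issue_tokens(current)  # fresh groups and a fresh single-use refresh token
```

A replayed refresh token, a removed user, or a group change are each handled at refresh time rather than being copied forward from the old claims.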