Currently, the authentication mechanism in the project relies solely on JWT tokens. While this approach is functional, it can be enhanced for better security and user experience by introducing refresh tokens alongside access tokens.
Current Approach
JWT Tokens: Upon login, a JWT token is issued and used for authenticating subsequent requests to protected routes.
Potential Problem: The JWT token, if compromised, can be used until it expires. Moreover, having a short expiration time requires the user to frequently log in again, which can be inconvenient.
Proposed Enhancement
Implement a dual-token authentication system using Access Tokens and Refresh Tokens.
Proposal
Access Tokens
Short-Lived: Access tokens should have a short expiration time (e.g., 15 minutes).
Usage: Used to access protected routes.
Storage: Stored in the client-side memory (e.g., JavaScript variables).
Refresh Tokens
Long-Lived: Refresh tokens should have a longer expiration time (e.g., 7 days).
Usage: Used to obtain new access tokens when they expire.
Storage: Stored securely, typically in HTTP-only cookies or secure storage mechanisms.
Benefits
Enhanced Security: Even if an access token is compromised, it has a short lifespan, reducing the window of vulnerability.
Improved User Experience: Users remain logged in for longer periods without frequent interruptions for re-authentication.
Granular Control: Allows better control over session management and invalidation.
Please assign this issue to me. I am eager to contribute to this project and would like to implement this enhancement.
Hi there! Thanks for opening this issue. We appreciate your contribution to this open-source project. We aim to respond or assign your issue as soon as possible.
Background
Currently, the authentication mechanism in the project relies solely on JWT tokens. While this approach is functional, it can be enhanced for better security and user experience by introducing refresh tokens alongside access tokens.
Current Approach
Proposed Enhancement
Implement a dual-token authentication system using Access Tokens and Refresh Tokens.
Proposal
Access Tokens
Refresh Tokens
Benefits
Please assign this issue to me. I am eager to contribute to this project and would like to implement this enhancement.