Phastboy / buddy

Buddy is a comprehensive web application designed to enhance learning experiences.

Implement Refresh Token Flow #27

Open Phastboy opened 2 weeks ago

Phastboy commented 2 weeks ago

Enable users to refresh their session without needing to log in again by providing a refresh token that can generate a new JWT.

Tasks:

Step 1: Add a Refresh Token Field to User Model

  1. Store a refreshToken in the user model (MongoDB) to track active refresh tokens if needed.

Step 2: Generate Refresh Tokens in apps/auth

  1. Generate a refresh token with a longer expiration time (e.g., 7 days) during user login or registration.
  2. Return the refresh token along with the JWT in the response.

Step 3: Create an Endpoint to Exchange Refresh Tokens

  1. Implement a new endpoint in apps/auth to handle requests for refreshing the JWT.
  2. Verify the refresh token and, if valid, issue a new JWT and refresh token.

Step 4: Set the Refresh Token in apps/buddy

  1. Modify apps/buddy to securely store the refresh token in an HttpOnly cookie or as part of the response.

Step 5: Test the Refresh Token Flow

  1. Test the refresh token flow to ensure users can exchange expired JWTs for new ones.

Acceptance Criteria: