Police-Data-Accessibility-Project / data-sources-app

An API and UI for using and maintaining the Data Sources database
MIT License

Standardize auth token responses #491

Closed joshuagraber closed 2 weeks ago

joshuagraber commented 1 month ago

Context

There are several paradigms for auth API responses with access tokens and refresh tokens. Originally this was built without refresh tokens (not a great idea). @maxachis updated the /login endpoint to return this:

[Screenshot 2024-10-23 at 9:07:27 AM: /login response]

But the /refresh_tokens endpoint still returns this:

[Screenshot 2024-10-23 at 9:07:34 AM: /refresh_tokens response]

Requirements

{
  access_token: String,
  refresh_token: String,
  message?: String
}

Tests

I'll leave that up to @maxachis

Docs

Open questions

maxachis commented 2 weeks ago

@joshuagraber Should I assume this also means that we will be regenerating the refresh token and invalidating the prior one when /refresh-session is called? That appears to be the standard, from what I've glanced at, but I want to double check.

joshuagraber commented 2 weeks ago

Yes @maxachis, I think that's usually the best way to go about it.
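A worked example, added here and not part of the issue or of the data-sources-app code, showing the single response shape both endpoints would share and the rotation agreed on above: the refresh token is single-use, and the prior one is invalidated when the session is refreshed. The in-memory store and opaque random tokens are stand-ins for the project's real token handling.

```python
import secrets
import time
from dataclasses import dataclass, field

ACCESS_TTL = 15 * 60            # assumed lifetimes, not the project's values
REFRESH_TTL = 7 * 24 * 3600


@dataclass
class TokenStore:
    # refresh token -> (user_id, expiry); entries are removed when rotated
    refresh: dict = field(default_factory=dict)


def matches_schema(body):
    """Check a response against the required shape: both tokens are required
    strings, message is an optional string, and nothing else is allowed."""
    required = {"access_token", "refresh_token"}
    keys = set(body)
    if not required <= keys or not keys <= required | {"message"}:
        return False
    return all(isinstance(body[k], str) for k in keys)


def _issue(store, user_id, now, message=None):
    """Build the standardized response used by both /login and /refresh_tokens."""
    refresh_token = secrets.token_urlsafe(32)
    store.refresh[refresh_token] = (user_id, now + REFRESH_TTL)
    body = {"access_token": secrets.token_urlsafe(32), "refresh_token": refresh_token}
    if message is not None:
        body["message"] = message
    return body


def login(store, user_id, now=None):
    now = time.time() if now is None else now
    return _issue(store, user_id, now, message="Successfully logged in")


def refresh_session(store, presented, now=None):
    """Rotate: the presented refresh token is consumed and a new pair issued.
    Returns None for an unknown, already-rotated, or expired token, in which
    case the endpoint should answer 401 rather than issue anything."""
    now = time.time() if now is None else now
    entry = store.refresh.pop(presented, None)   # single use: old token gone
    if entry is None:
        return None
    user_id, expires = entry
    if now > expires:
        return None
    return _issue(store, user_id, now, message="Successfully refreshed session token")
```

A refresh token presented a second time is rejected, so replay of a rotated token is visible as a failed refresh rather than silently minting a new session.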