Context

Rather than providing the GitHub Access Token directly (which cannot be expired), let's replace it with a JWT whose expiration we can set, so as to limit what is exposed to the outside world.

Requirements

- Replace the GitHub Access Token provided by /callback with a JWT that wraps the access token, with an expiration of 5 minutes.
- Replace the logic in /login-with-github and /link-to-github with logic that unwraps the JWT and extracts the access token.
- This should not affect any frontend logic.

Tests

Tests should continue to function as they did previously with this change.