Renew expired token without metamask - aka JWT refresh token

bytesbay / web3-token

Web3 Token is a new way to authenticate users in a hybrid dApps using signed messages. Implementation of EIP-4361.

380 stars 50 forks source link

Renew expired token without metamask - aka JWT refresh token #32

Closed iangregsondev closed 2 years ago

iangregsondev commented 2 years ago

Hi,

I am trying to use this to replace a JWT flow.

i was wondering what options we have to automatically refresh a token using some kind of refresh token ?

so we can safely expire these tokens BUT we can re-create them without user interaction..

This is pretty much a similar flow to JWT with refresh tokens.

Has anybody figured this out yet ?

Or maybe its not needed ?

Thanks in advance

7flash commented 2 years ago

My application requires user to sign only once.. then his signature is verified and saved in the table associated with account id.. next request user provides same signature.. and account name is found by simple search of signature in the table.. even if its expired its still valid.. its not being verified again

bytesbay commented 2 years ago

Wallets have to implement this feature (something like renewable sign), it's not possible from this module's side.