Lots of tests in this PR. Pull down the code and run. I'd love to try this stuff against your ReactApp.
AuthenticationsController is responsible for logging a user in with their email and password and also deleting their session by logging out.
RenewalsController is responsible for attempting to refresh an access token.
api/v1/protected/SessionsController is responsible for READONLY access to session information. The refresh token id (RUID) is never transmitted. There is one PATCH/PUT action: invalidate. Passing a SESSION.ID (not RUID) to the invalidate method will attempt to invalidate that session by immediately expiring that refresh token, thereby destroying that session's ability to renew the next time the access token expires.
api/v1/protected/UsersController is responsible for User CRUD.
Some global notes about this PR:
Lots of TODOs. I'll mark up #1 and this PR.
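A minimal Ruby sketch of the invalidate behaviour described for SessionsController, added here as an example and not code from this PR. `Session`, `SessionStore`, the TTL value and the owner check in `invalidate` are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical in-memory model; all names here are assumptions, not the PR's code.
Session = Struct.new(:id, :user_id, :ruid, :refresh_expires_at) do
  # Read-only view returned to clients: the RUID is deliberately left out.
  def public_view
    { id: id, user_id: user_id, refresh_expires_at: refresh_expires_at }
  end
end

class SessionStore
  REFRESH_TTL = 14 * 24 * 3600 # constructed value, in seconds

  def initialize
    @by_id = {}
    @next_id = 0
  end

  # Login: a session gets a public id and a secret refresh token id (RUID).
  def create(user_id)
    s = Session.new(@next_id += 1, user_id, SecureRandom.hex(32), Time.now + REFRESH_TTL)
    @by_id[s.id] = s
  end

  def sessions_for(user_id)
    @by_id.values.select { |s| s.user_id == user_id }.map(&:public_view)
  end

  # Invalidate by SESSION.ID, never by RUID. Scoped to the owner (an assumption)
  # so one user cannot expire another user's session.
  def invalidate(user_id, session_id)
    s = @by_id[session_id]
    return false unless s && s.user_id == user_id
    s.refresh_expires_at = Time.now # expire the refresh token immediately
    true
  end

  # Renewal: only an unexpired refresh token yields a new access token.
  def renew(ruid)
    s = @by_id.values.find { |x| x.ruid == ruid }
    return nil unless s && s.refresh_expires_at > Time.now
    SecureRandom.hex(16) # stand-in for a freshly issued access token
  end
end
```

The access token already issued stays valid until it expires; invalidation only blocks the next renewal, which is the behaviour the description gives.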