immersed-web / samVR

real time many-to-many 360 video streaming with VR 3D-environment
MIT License

simplify auth flow #25

Open gunhaxxor opened 3 months ago

gunhaxxor commented 3 months ago

As of now we use sessions (stored in postgres) in the auth server and then continuously fetch jwt from the auth server to authenticate against the other servers.

What we want: Simpler auth flow. Perhaps the following: sessions with "cookiestore". I.e. encrypted session data stored in cookie. Then the other servers should be able to just decrypt using shared key for authentication. Similar/same as jwt, but stored in cookie instead of in browser js memory.

gunhaxxor commented 1 week ago

I just realized this might not work well as we continuously need to renew the jwt token
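
An added example (not from the issue's author or the samVR code base) of the encrypted cookie session proposed in the first comment, including the expiry and renewal that the second comment raises. It assumes Node's built-in `crypto` module and a 32-byte key shared by all servers; the function names, the `session-v1` label and the sample payload are constructed for illustration.

```javascript
// Added example: encrypted session cookie readable by every server holding the key.
const crypto = require("node:crypto");

const CONTEXT = Buffer.from("session-v1"); // assumed label, authenticated as AAD

// Encrypt and authenticate session data; returns the cookie value (base64url).
function sealSession(key, data, ttlMs, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(CONTEXT);
  const body = JSON.stringify({ data, exp: now + ttlMs });
  const ct = Buffer.concat([cipher.update(body, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64url");
}

// Returns { data, exp }, or null when the cookie is forged, corrupt or expired.
function readSession(key, value, now = Date.now()) {
  try {
    const raw = Buffer.from(value, "base64url");
    if (raw.length <= 28) return null; // 12-byte IV + 16-byte tag + ciphertext
    const decipher = crypto.createDecipheriv(
      "aes-256-gcm", key, raw.subarray(0, 12), { authTagLength: 16 });
    decipher.setAAD(CONTEXT);
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const session = JSON.parse(body.toString("utf8"));
    return now < session.exp ? session : null;
  } catch {
    return null; // tag mismatch, wrong key or malformed payload
  }
}

// Sliding renewal without a round trip to the auth server: any server that
// holds the key reissues the cookie once less than half its lifetime remains.
function renewSession(key, value, ttlMs, now = Date.now()) {
  const session = readSession(key, value, now);
  if (!session) return null;
  return session.exp - now < ttlMs / 2
    ? sealSession(key, session.data, ttlMs, now)
    : value;
}

// Constructed demo: one server seals, another server with the same key reads.
const demoKey = crypto.randomBytes(32); // stands in for the shared secret
const demoCookie = sealSession(demoKey, { userId: "u1", role: "user" }, 60_000);
console.log(readSession(demoKey, demoCookie));
```

The sealed value is meant to be sent as an `HttpOnly`, `Secure` cookie so that page scripts cannot read it.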