Closed jamesjmeyer210 closed 7 months ago
The refresh token will have the following content:
name
id
These values will be serialized to JSON, then hashed against the signing key, and finally base64 encoded so that altogether it should look like:
base64(H("{"id":"...","time":"..."}"))
This way, the server will be able to validate the refresh tokens without needing any state beyond the associated JWT.
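One way the scheme described in the issue could be issued and validated, as an added example that is not the project's own code. It assumes `H` is HMAC-SHA256 keyed with the signing key, that the `id` and `time` fields from the illustrated form are read from the associated JWT's claims, and that the JSON is serialized canonically; the key, claim values and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed key for the example; a real deployment loads the JWT signing key.
SIGNING_KEY = b"constructed-example-signing-key"


def _canonical(claims: dict) -> bytes:
    # Fixed key order and separators so issuer and validator hash identical bytes.
    subset = {"id": claims["id"], "time": claims["time"]}
    return json.dumps(subset, sort_keys=True, separators=(",", ":")).encode()


def issue_refresh_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """base64(H(json)), with H assumed to be HMAC-SHA256 under the signing key."""
    mac = hmac.new(key, _canonical(claims), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def validate_refresh_token(token: str, jwt_claims: dict,
                           key: bytes = SIGNING_KEY) -> bool:
    """Recompute the token from the associated JWT's claims; no stored state."""
    try:
        presented = base64.urlsafe_b64decode(token.encode())
        expected = hmac.new(key, _canonical(jwt_claims), hashlib.sha256).digest()
    except (KeyError, TypeError, ValueError):
        # Missing claim or malformed base64: reject rather than raise.
        return False
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    return hmac.compare_digest(presented, expected)


# Constructed sample claims, as they would appear in the associated JWT.
SAMPLE_CLAIMS = {"id": "user-123", "time": "2024-01-01T00:00:00Z"}

if __name__ == "__main__":
    token = issue_refresh_token(SAMPLE_CLAIMS)
    print(token, validate_refresh_token(token, SAMPLE_CLAIMS))
```

Because the token is a deterministic function of the JWT claims and the key, it is only meaningful when presented together with that JWT, and revoking one token without rotating the key would require server-side state.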