kasvith / express-mongo-jwt-boilerplate

Express Mongo JsonWebToken boilerplate

Refresh and access token #25

Open d0peCode opened 5 years ago

d0peCode commented 5 years ago

@kasvith what do you think about implementing a refresh token which would be stored in Mongo and would be "refreshed" on every user call, so we could write a service which would check when the last call was and not allow the action if, for example, the last call was a few hours ago (expire the access token)?

kasvith commented 5 years ago

For refresh tokens we could do something similar to what I did in one of my side projects. Refer here and here.

Usually, refresh tokens are generated once and never expire (or at least live for a very long time, like a year).

Access tokens are short-lived.

So here, we can generate a refresh token for a user and store it (let's say we give an expiry option in config). It can be revoked by a revoke endpoint.

This would indeed be a nice feature which would let us create cool applications.

Also we could create frontends based on different technologies and offer boilerplates for them using this :)
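
The design outlined in the comment above (a stored, long-lived refresh token with a configurable expiry, a revoke operation, and short-lived access tokens), as an added example that is not code from this repository or the linked side project. The in-memory `Map` stands in for the Mongo collection, the hand-rolled HS256 signing stands in for a JWT library, and all function and config names are hypothetical; storing only a hash of the token is an addition the thread does not discuss.

```javascript
// Added example: names are hypothetical; the Map stands in for a Mongo collection.
const nodeCrypto = require('node:crypto');

const config = {
  refreshTtlMs: 365 * 24 * 60 * 60 * 1000,   // the "expiry option in config"
  accessTtlSec: 15 * 60,                     // access tokens are short-lived
  accessSecret: nodeCrypto.randomBytes(32),  // constructed per-process signing key
};
const store = new Map(); // sha256(token) -> { userId, expiresAt, revoked }

// Store only a hash so a dump of the collection holds no usable tokens.
const hashToken = (token) =>
  nodeCrypto.createHash('sha256').update(String(token)).digest('hex');

function issueRefreshToken(userId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString('base64url'); // opaque, 256-bit
  store.set(hashToken(token), { userId, expiresAt: now + config.refreshTtlMs, revoked: false });
  return token; // shown to the client once, never persisted in clear
}

// Returns the owning userId, or null if unknown, revoked or expired.
function verifyRefreshToken(token, now = Date.now()) {
  const record = store.get(hashToken(token));
  if (!record || record.revoked || now >= record.expiresAt) return null;
  return record.userId;
}

// What a revoke endpoint would call; returns false for an unknown token.
function revokeRefreshToken(token) {
  const record = store.get(hashToken(token));
  if (!record) return false;
  record.revoked = true;
  return true;
}

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Exchange a valid refresh token for a short-lived HS256 access token.
function exchangeForAccessToken(refreshToken, now = Date.now()) {
  const userId = verifyRefreshToken(refreshToken, now);
  if (userId === null) return null;
  const exp = Math.floor(now / 1000) + config.accessTtlSec;
  const body = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url({ sub: userId, exp })}`;
  const sig = nodeCrypto.createHmac('sha256', config.accessSecret).update(body).digest('base64url');
  return `${body}.${sig}`;
}
```

Revocation takes effect for the refresh token immediately, but an access token already issued stays valid until its `exp`, which is why the access lifetime is kept short.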