kshitijyelpale / blockchain-hyperledger-fabric-electronic-patient-records

GNU General Public License v3.0

CU-djy95a - Make jwt more secure using refresh token and algorithm #53

Closed varshakamath1 closed 3 years ago

varshakamath1 commented 3 years ago
  1. During login, both an accessToken and a refreshToken are generated.

POST: http://localhost:3001/login

Request body: { "username": "PID5", "password":"PID5", "newPassword":"", "role": "patient" }

Response { "accessToken": "XXX", "refreshToken": "YYY" }

accessToken expires in 5 minutes. Any request made with the accessToken after 5 minutes gets a FORBIDDEN response.

  2. Then a POST request must be made with the refreshToken and the role. The response is a new access token.

POST: http://localhost:3001/token

Request body:

{ "role": "patient", "token" : "YYY" //refreshToken }

Response { "accessToken": "ZZZ" // new accessToken }

  3. Logout: this makes sure that once the user is logged out, no one can use the refresh token to generate a new authentication token.

DELETE: http://localhost:3001/logout

Request body: { "token" : "YYY" //refreshToken }

Response: 204 status

kshitijyelpale commented 3 years ago

Task linked: CU-djy95a Make jwt more secure using refresh token and algorithm