Open don-bluelinegrid opened 7 years ago
Dear Don,
Thank you so much for raising this question/topic. To be honest, I should seriously study the whole refresh token material more in depth. I have seen so many refresh token implementations/interpretations which, from a security perspective, were like playing with fire. Maybe interested people can share thoughts in the thread on how we come to improving aurelia-auth with respect to refresh tokens.
Warm regards, Paul.
Paul -
How does aurelia-auth support the full OAuth2 use case implementation, specifically regarding expiration and "refresh tokens"?
My understanding of the OAuth2 intention is that this sequence should occur -
Since this aurelia-auth module is strongly based on OAuth, is there anything in the module to help with this pattern of detecting accessToken expiration in a .catch() Promise block, and using the refreshToken to obtain/store a new accessToken? Or is the expectation that all consumers/developers using the module will implement this sort of logic?
Thanks, Don
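The pattern the question describes (catch the rejection caused by an expired access token, exchange the refresh token, store the new access token, retry once), as an added example that is not part of this thread and not aurelia-auth code. `createAuthClient`, `transport`, `tokenStore` and `refreshUrl` are hypothetical names; `transport` is assumed to return a Promise that rejects with an object carrying `status` on a non-2xx response.

```javascript
// Added example. createAuthClient, transport and tokenStore are hypothetical
// names for illustration; none of them are aurelia-auth APIs.
function createAuthClient({ transport, refreshUrl, tokenStore }) {
  let refreshInFlight = null; // shared by concurrent callers (single-flight)

  function refreshAccessToken() {
    if (!refreshInFlight) {
      // OAuth2 refresh grant (RFC 6749, section 6).
      refreshInFlight = transport(refreshUrl, {
        method: 'POST',
        body: { grant_type: 'refresh_token', refresh_token: tokenStore.refreshToken },
      })
        .then((res) => {
          tokenStore.accessToken = res.body.access_token;
          // Rotation: keep the new refresh token if the server issued one.
          if (res.body.refresh_token) tokenStore.refreshToken = res.body.refresh_token;
        })
        .catch((err) => {
          // Refresh token rejected: drop both tokens so the app forces a new login.
          tokenStore.accessToken = tokenStore.refreshToken = null;
          throw err;
        })
        .finally(() => { refreshInFlight = null; });
    }
    return refreshInFlight;
  }

  function send(url, options = {}) {
    // Read the token at send time so a retry picks up the refreshed value.
    const headers = { ...options.headers, Authorization: `Bearer ${tokenStore.accessToken}` };
    return transport(url, { ...options, headers });
  }

  function request(url, options) {
    return send(url, options).catch((err) => {
      // Only a 401 triggers a refresh, and the request is retried at most once.
      if (err.status !== 401 || !tokenStore.refreshToken) throw err;
      return refreshAccessToken().then(() => send(url, options));
    });
  }

  return { request };
}
```

Two requests that fail with 401 at the same time share one refresh call, which matters when the server rotates refresh tokens and would reject a second use of the old one.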