shaj13 / go-guardian

Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
MIT License

JWT refresh token #98

Closed ChoffaH closed 3 years ago

ChoffaH commented 3 years ago

I have managed to get a simple login working from my Ember app that I'm building but have a couple of questions. I don't find any support for refresh tokens in the jwt strategy. Are there any plans to add support? Also, maybe token expiration time should be configurable?

Great work on this project! 👌

Edit: Realized you actually can configure token expiration time with SetExpDuration.

shaj13 commented 3 years ago

@ChoffaH glad you found it :)

Basically, refresh tokens are not supported, and they must be stored securely and persistently. So it depends on what you want to achieve and how secure your system must be. Feel free to open a proposal describing what you would like to see, with plain-text API examples.

ChoffaH commented 3 years ago

@shaj13 I don't really have much experience with these kinds of things. Previously I have just communicated with a server that provided these things for me 😆 In those cases I was given a short-lived token (auth token) and a refresh token to ask for a new short-lived token.

In this case where we don't have any refresh token, how far is it safe to increase the lifetime of the token provided by go-guardian?
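
The flow described in this thread (a short-lived auth token plus a refresh token exchanged for a new one, with the refresh token stored securely and persistently) could be built alongside go-guardian roughly as follows. This is an added example, not go-guardian code and not part of the discussion above; `RefreshStore`, `Issue` and `Rotate` are hypothetical names, the in-memory maps stand in for a persistent table, and minting the new JWT after `Rotate` succeeds is left to the caller.

```go
package main
import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

type record struct {
	user    string
	gen     int // user's revocation generation when the token was issued
	expires time.Time
	used    bool
}

// RefreshStore is hypothetical; the maps stand in for persistent, access-serialised tables.
type RefreshStore struct {
	ttl  time.Duration
	rows map[[32]byte]*record // keyed by SHA-256 of the token, never the token itself
	gen  map[string]int
}

// Issue returns a random opaque token and stores only its digest.
func (s *RefreshStore) Issue(user string, now time.Time) string {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // no entropy: refuse to issue a guessable token
	}
	tok := fmt.Sprintf("%x", raw)
	s.rows[sha256.Sum256([]byte(tok))] = &record{user: user, gen: s.gen[user], expires: now.Add(s.ttl)}
	return tok
}

// Rotate accepts a token once and returns the user plus a replacement token.
func (s *RefreshStore) Rotate(tok string, now time.Time) (user, next string, ok bool) {
	r, found := s.rows[sha256.Sum256([]byte(tok))]
	if found && r.used {
		s.gen[r.user]++ // replay of a consumed token: revoke all of this user's tokens
	}
	if !found || r.used || r.gen != s.gen[r.user] || !now.Before(r.expires) {
		return "", "", false
	}
	r.used = true
	return r.user, s.Issue(r.user, now), true
}

func main() {
	s := &RefreshStore{ttl: time.Hour, rows: map[[32]byte]*record{}, gen: map[string]int{}}
	fmt.Println(s.Rotate(s.Issue("alice", time.Now()), time.Now()))
}
```

Because each refresh token is single-use and a replay revokes everything outstanding for that user, a stolen refresh token is detected the next time either party uses it.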