stockpile-co / api

The API for Stockpile, an app that manages stuff for organizations.

Fix refresh token inconsistency between clients #242

Closed AdamVig closed 6 years ago

AdamVig commented 7 years ago

Currently, a new refresh token is given every time the user logs in.

The problem with this approach is that if the same user logs in on the mobile app and then the web app, the refresh token stored in the mobile app will be invalid, and the user will have to log in again.

The fix is to issue a refresh token once per user, and in all subsequent logins, return the same refresh token from the database, ensuring that all logged-in clients can refresh tokens.
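The behaviour described in this issue and the proposed fix, as an added example that is not part of the original issue or the Stockpile code base. The in-memory `Map`, the `createAuth` and `simulate` helpers, and the strategy labels `per-login` and `issue-once` are hypothetical names chosen for the illustration.

```javascript
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Hypothetical in-memory stand-in for the users table: one refresh-token slot per user.
function createAuth(strategy) {
  const refreshTokens = new Map(); // userId -> refresh token

  return {
    // Runs after a successful credential check; returns the token the client stores.
    login(userId) {
      const existing = refreshTokens.get(userId);
      // 'issue-once': the fix from the issue, later logins get the stored token back.
      if (strategy === 'issue-once' && existing) return existing;
      // 'per-login': the current behaviour, each login overwrites the slot.
      const token = randomBytes(32).toString('hex');
      refreshTokens.set(userId, token);
      return token;
    },
    // A refresh succeeds only if the presented token matches the one on record.
    canRefresh(userId, presented) {
      const stored = refreshTokens.get(userId);
      if (!stored || typeof presented !== 'string') return false;
      const a = Buffer.from(stored);
      const b = Buffer.from(presented);
      return a.length === b.length && timingSafeEqual(a, b);
    },
    revoke(userId) {
      refreshTokens.delete(userId);
    },
  };
}

// Same user logs in on mobile, then on web; each client then tries to refresh.
function simulate(strategy) {
  const auth = createAuth(strategy);
  const mobile = auth.login('user-1');
  const web = auth.login('user-1');
  const result = {
    sharedToken: mobile === web,
    mobileCanRefresh: auth.canRefresh('user-1', mobile),
    webCanRefresh: auth.canRefresh('user-1', web),
  };
  auth.revoke('user-1');
  result.webCanRefreshAfterRevoke = auth.canRefresh('user-1', web);
  return result;
}

console.log(simulate('per-login'));
console.log(simulate('issue-once'));
```

With `issue-once` every client holds the same token, so revoking it signs out all of that user's clients at once. Returning the stored token on later logins also means the server has to keep it in a retrievable form.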