Is your feature request related to a problem? Please describe.
Because of the SPA refactoring in #87, login behaviour was reduced to a single issued login token that gets lost on refresh with a strict time limit.
Describe the solution you'd like
I'd like to stay logged in until I log out. Maybe an IAM tool like keycloak could be integrated. From a technical perspective, I need a solution that allows me to revoke tokens in case of compromised access.
Describe alternatives you've considered
Currently SmallRye JWT is in place but given how the setup looks like now the refresh token rotation can't be implemented anymore.
Another option could be Quarkus Form-based Authentication
Is your feature request related to a problem? Please describe. Because of the SPA refactoring in #87, login behaviour was reduced to a single issued login token that gets lost on refresh with a strict time limit.
Describe the solution you'd like I'd like to stay logged in until I log out. Maybe an IAM tool like keycloak could be integrated. From a technical perspective, I need a solution that allows me to revoke tokens in case of compromised access.
Describe alternatives you've considered Currently SmallRye JWT is in place but given how the setup looks like now the refresh token rotation can't be implemented anymore. Another option could be Quarkus Form-based Authentication