Closed hmnhf closed 3 months ago
Hey @hmnhf,
Having a long-lived auth token is considered insecure, as it gets exposed a lot and could be compromised. You need a refresh token to re-generate an auth token. We could implement something like that here, but it's probably wiser to use a standard like Oauth for that.
Sorry for not being more helpful, but it wouldn't be a good practice to encourage that from here :cry:
Hello, and thank you for the effort you've put into this useful gem!
In our case, we need to have a different
expiration_time
set for the generated token based on a request parameter.Looking through the code, it seems possible to change
expiration_time
setting to also support a callable object (e.g. a proc) with the request params passed to it similar to the following:Would you be interested in accepting a PR for this feature?
EDIT 1: Just saw https://github.com/waiting-for-dev/devise-jwt/issues/264. This feature could help with that issue as well. EDIT 2: We could also make it based on request headers (instead/as well), not necessarily based on params.