Expiring Refresh Tokens
KyleAsaff opened this issue
Is there a way to implement expiring refresh tokens? From the docs, it looks like refresh tokens are valid forever unless explicitly blacklisted (and therefore have to enable blacklisting)?
Most JWT implementations I have seen have a short expiry (e.g. 1 day) for the access token and a long-lived expiry (e.g. 200 days) for the refresh token.
This doesn't seem to be an option with this gem, unfortunately, unless I am missing something? Are there any solutions to cover the use case of implementing an expiring refresh token?
@KyleAsaff Currently, there is no way to expire a refresh token. But, this option looks like a must needed one 👍
And, the main purpose of blacklisting in this gem is to prevent a logged-out token from accessing the API until the expiration.
I will try to add this expiry option for refresh tokens in a few weeks. Thanks for bringing this.
Awesome! Thank you, that would be amazing. I am building my new API on top of this gem and would love the refresh token expiry option to allow for a more secure API.
I'm starting my first Rails project with this token, it's pretty good but I was also thinking about that feature. Hope to see it soon!
@Gokul595 any updates here 🙂? I have been holding off using this gem in my production app until it's implemented
@KyleAsaff Sorry, couldn't work on this due to some reasons. I will try to make it available in one or two weeks.
@Gokul595 that would be amazing!! thank you so much
Any updates here? I see there's a PR from @rcarter currently open.
@KyleAsaff @xxSkyy This is done. Please upgrade to the latest version 0.6.0 and add a migration to add the expire_at column in the refresh token table.
Thanks for waiting and thanks to @rcarter for getting this done.
That's great! I'll test it when I come back to some RoR project!