refactor: replace refresh & access token with auth token only

changes authentication to no longer use a refresh token & access token
for accessing protected endpoints. Instead only an auth token is used.

Before the login flow was:

Login -> get refresh (stored as HttpOnly cookie) + access token (stored in memory) ->
  protected endpoint request (attach access token as Authorization header) -> access token expires in
  15 minutes, so use refresh token to obtain new one when that happens

now it looks like this:

Login -> get auth token (stored as HttpOnly cookie) -> make protected endpont
request (token sent)

the reasoning for using the refresh + access token was to reduce DB
calls, but in the end I don't think its worth the hassle.

This commit is contained in:

Jordan Knott

2021-04-28 21:32:19 -05:00

parent 3392b3345d

commit 229a53fa0a

47 changed files with 3989 additions and 3717 deletions

									
										1

migrations/0064_rename-refresh_token-to-auth_token.up.sql
									
										Normal file
									
												View File
												
				@ -0,0 +1 @@

				ALTER TABLE refresh_token RENAME TO auth_token;

				`@ -0,0 +1 @@`
				`ALTER TABLE refresh_token RENAME TO auth_token;`

refactor: replace refresh & access token with auth token only

1 migrations/0064_rename-refresh_token-to-auth_token.up.sql Normal file Unescape Escape View File

1

migrations/0064_rename-refresh_token-to-auth_token.up.sql Normal file

View File