taskcafe/internal/route
Jordan Knott 229a53fa0a refactor: replace refresh & access token with auth token only
changes authentication to no longer use a refresh token & access token
for accessing protected endpoints. Instead only an auth token is used.

Before the login flow was:

Login -> get refresh (stored as HttpOnly cookie) + access token (stored in memory) ->
  protected endpoint request (attach access token as Authorization header) -> access token expires in
  15 minutes, so use refresh token to obtain new one when that happens

now it looks like this:

Login -> get auth token (stored as HttpOnly cookie) -> make protected endpont
request (token sent)

the reasoning for using the refresh + access token was to reduce DB
calls, but in the end I don't think its worth the hassle.
2021-04-28 21:38:49 -05:00
..
auth.go refactor: replace refresh & access token with auth token only 2021-04-28 21:38:49 -05:00
avatar.go fix: url encode avatar filename when showing path 2020-09-12 18:12:12 -05:00
middleware.go refactor: replace refresh & access token with auth token only 2021-04-28 21:38:49 -05:00
route.go refactor: replace refresh & access token with auth token only 2021-04-28 21:38:49 -05:00