What is the correct refresh_token refresh strategy for multiple devices?
I am working through JWT, in particular the refresh token. I can't think of a refresh token refresh strategy for multiple devices. If you store the token in the database and update it every time at the request of the client, then the devices will need to constantly go through the authentication process. On the other hand, if the token is not renewed, then if it is stolen or its expires_in elapses, it will become invalid, which will entail the authentication process. Please tell me the correct refresh token refresh strategy using JWT for multiple devices. Thanks in advance!
Store the user ID and device ID in the token payload. Upon receipt of an update request, check the token for validity, extract the identifiers from it, search the database for the record for these identifiers, and compare the token from the database with the token from the user.
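The per-device check described in this answer, as an added example that is not part of the original answer. It assumes an HS256 JWT built with the standard library, a claim named `did` for the device ID, and an in-memory dict standing in for the database; it also goes beyond the answer by storing a SHA-256 hash of the token instead of the token itself, rotating the token on every refresh, and ending the device's session when a token that is no longer current is presented.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for the demo
REFRESH_TTL = 30 * 24 * 3600       # assumed refresh token lifetime, seconds
store = {}                         # (user_id, device_id) -> SHA-256 of current token

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user_id, device_id, now=None):
    """Create a refresh JWT for one device and record it as that device's current token."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user_id, "did": device_id, "exp": now + REFRESH_TTL,
              "jti": secrets.token_hex(8)}   # jti makes every issued token unique
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    token = f"{head}.{body}.{_sign(head + '.' + body)}"
    store[(user_id, device_id)] = hashlib.sha256(token.encode()).hexdigest()
    return token

def refresh(token, now=None):
    """Validate a refresh token and rotate it for its own device only; None on failure."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(head + "." + body)):
            return None                      # bad signature
        claims = json.loads(_unb64(body))
        key = (claims["sub"], claims["did"])
        if claims["exp"] <= now:
            return None                      # expired
    except (ValueError, KeyError, TypeError):
        return None                          # malformed token
    current = store.get(key)
    presented = hashlib.sha256(token.encode()).hexdigest()
    if current is None or not hmac.compare_digest(current, presented):
        store.pop(key, None)                 # unknown or reused token: end this device's session
        return None
    return issue(*key, now=now)              # records of other devices are untouched
```

Because each record is keyed by user and device, rotating or revoking one device's token leaves every other device signed in.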