Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement refresh and access token system in backend #153

Closed
9 tasks
Madhawa97 opened this issue Aug 16, 2024 · 5 comments
Closed
9 tasks

Implement refresh and access token system in backend #153

Madhawa97 opened this issue Aug 16, 2024 · 5 comments
Assignees
Labels
backend A backend task priority: medium Medium priority task

Comments

@Madhawa97
Copy link
Member

Description:
Develop a robust refresh and access token system in the backend to enhance application security.

Tasks:

  • Modify authentication service to generate both access and refresh tokens
  • Update login and registration processes
  • Implement token refresh endpoint
  • Update middleware for token validation
  • Implement token revocation system

Acceptance Criteria:

  • Modify the signAndSetCookie function to generate both access and refresh tokens
  • Update the login, register, and OAuth callback functions to use the new token system
  • Create a new endpoint for token refresh (/auth/refresh-token)
  • Update the requireAuth middleware to validate access tokens
  • Implement token revocation on logout
  • Update error handling to return appropriate responses for token-related errors
  • Implement rate limiting on token-related endpoints to prevent abuse
  • Update the passport JWT strategy to work with the new token system
  • Ensure all routes that require authentication use the new token system

Additional Information:

  • Consider using JSON Web Tokens (JWT) for implementing the token system.
  • Ensure that refresh tokens have a longer expiry time compared to access tokens.
  • Implement proper encryption for storing refresh tokens if needed.
  • Update the auth.service.ts file to include functions for handling the new token system.
  • Modify the auth-routes.schema.ts to include validation for the new token endpoints.

Related Dependencies or References:

@mayura-andrew
Copy link
Member

Hey @dileepainivossl, would you be interested in working on this issue?

@dsmabulage
Copy link
Contributor

Hey @dileepainivossl, would you be interested in working on this issue?

Sure, can you assign it to me? for this Github user

@mayura-andrew
Copy link
Member

mayura-andrew commented Aug 18, 2024

Nice @dsmabulage 🚀, Thank you :)

@anjula-sack
Copy link
Member

Any updates on this @dsmabulage

@dsmabulage
Copy link
Contributor

Any updates on this @dsmabulage

added a pr #162

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backend A backend task priority: medium Medium priority task
Projects
Status: Done
Development

Successfully merging a pull request may close this issue.

4 participants