Comments 3
Very informational. Keep it coming more.
That's all fine, but don't use a JWT with short TTL?
JSON Web Token is just an standard (RFC 7519) for creating access tokens to be URI/header safe and have possibiliity to contain some additional information.
JWT quite often used as access tokens but you cannot replace whole schema based 2 (or 3 in case of auth_token, refresh and access token) with just one single token.
It doesn't metter if single token is generated with JWT standart or just unique Guid. Single token concept is vulnerable by the reasons i tried to explain in article: To renew single token you need to use password. Than shorter time-to-live than more frequently you need to send passwords
JWT quite often used as access tokens but you cannot replace whole schema based 2 (or 3 in case of auth_token, refresh and access token) with just one single token.
It doesn't metter if single token is generated with JWT standart or just unique Guid. Single token concept is vulnerable by the reasons i tried to explain in article: To renew single token you need to use password. Than shorter time-to-live than more frequently you need to send passwords
Sign up to leave a comment.
Simple story behind Refresh and Access tokens