JWT_AUTH_2 REFRESH - Coggle Diagram
JWT_AUTH_2
REFRESH
REFRESH
app.post(/token,..)
const refreshToken
= req.body.token
if (refreshToken is null)
res 401
if (refreshToken ..)
res 403
not in list
jwt.verify(..)
refreshToken
process.env.
REFRESH_TOKEN_SECRET
func
func (err, user)
if (err)
return 403
const accessToken =
generateAccessToken(..)
{name: user.name}
res.json({accessToken})
LOGIN
const accessToken =
generateAccessToken(user)
const refreshToken =
jwt.sign(..)
user
process.env.
REFRESH_TOKEN_SECRET
Add
RefreshToken
In-Db/List
res.json({..})
accessToken
refreshToken
LOGOUT
app.delete(/logout,..)
Remove
Token
req.body.token
FromDb
res.sendStatus(204)
REFRESH
Set expiration on the AccessToken
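RefreshToken is saved in the DB and can be invalidated by deleting it (no expiresIn is shown on its jwt.sign call, so deleting the stored token is the only revocation shown here)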
GENERATEACCESSTOKEN
return jwt.sign(..)
user
process.env.
ACCESS_TOKEN_SECRET
{expiresIn: '10m'}
Arg
User