Skip to content
This repository was archived by the owner on Oct 12, 2018. It is now read-only.

Automatically rotate tokens #3

Merged
merged 3 commits into from
Dec 28, 2017
Merged

Automatically rotate tokens #3

merged 3 commits into from
Dec 28, 2017

Conversation

@skrulcik
Copy link
Owner

This is based off of tpb-dev's work found in this PR on the original expiring tokens repository.

I moved it to a branch on this repo so I could make a few reconciliation commits.

Supersedes #2

@skrulcik skrulcik mentioned this pull request Dec 19, 2017
Closed
@skrulcik
Change token reset from per-request to per-login
9dc9e01 
Tokens shouldn't be rotated on every single request, because that would
mean each request would require a new "login" request to get the new
token. Instead, we want to reset the token every time login credentials
are sent to get the token that should be used for authentication. This
is the desired behavior - when someone logs in, revoke any other tokens
regardless of expiration. This ensures that only one client is logged in
at once.
@skrulcik skrulcik merged commit ec53651 into master Dec 28, 2017
@skrulcik skrulcik deleted the rotating-tokens branch December 28, 2017 02:40
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@skrulcik @tpb-dev