| Age | Commit message (Expand) | Author |
|---|
| 2024-08-01 | Use JWKs from auth server public endpoint...* Fetch keys from auth server
* Validate token is signed with one of the keys from server
* Ensure refreshing of token is still synchronised
| Frederick Muriuki Muriithi |
| 2024-07-31 | Synchronise token refreshes...The application can be run in a multi-threaded server, leading to a
situation where the multiple threads attempt to get a new JWT using
the exact same refresh token.
This synchronises the various threads ensuring only a single thread is
able to retrieve the new JWT that all the rest of the threads then
use.
| Frederick Muriuki Muriithi |
| 2024-07-17 | Fix premature session expiration...With the change to JWTs the time-to-live for each token is severely
curtailed to help with security in case of a token theft. We,
therefore, can no longer rely on the TTL for session expiration,
rather, we will rely of the token-refresh mechanism to expire a token
after a long while.
| Frederick Muriuki Muriithi |
| 2023-12-29 | Namespace all modules under gn2....We move all modules under a gn2 directory. This is important for
"correct" packaging and deployment as a Guix service.
| Arun Isaac |
