| Age | Commit message (Collapse) | Author |
|---|
|
|
|
* Fetch keys from auth server
* Validate token is signed with one of the keys from server
* Ensure refreshing of token is still synchronised
|
|
The application can be run in a multi-threaded server, leading to a
situation where the multiple threads attempt to get a new JWT using
the exact same refresh token.
This synchronises the various threads ensuring only a single thread is
able to retrieve the new JWT that all the rest of the threads then
use.
|
|
With the change to JWTs the time-to-live for each token is severely
curtailed to help with security in case of a token theft. We,
therefore, can no longer rely on the TTL for session expiration,
rather, we will rely of the token-refresh mechanism to expire a token
after a long while.
|
|
We move all modules under a gn2 directory. This is important for
"correct" packaging and deployment as a Guix service.
|
