Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revamp /reset-session endpoint?` #566

Open
3 tasks
maxachis opened this issue Dec 18, 2024 · 0 comments
Open
3 tasks

Revamp /reset-session endpoint?` #566

maxachis opened this issue Dec 18, 2024 · 0 comments
Labels
api back-end

Comments

@maxachis
Copy link
Contributor

maxachis commented Dec 18, 2024
edited
Loading

Context

Currently, the /refresh-session endpoint to refresh an access token has a bit of an unusual structure:

  • It accepts the access token for bearer authentication (bear in mind that if this token is expired, this refresh would not work)
  • It then accepts the refresh token as a JSON entry.

This might not be necessary, and it can make handling the refresh logic more cumbersome on the user end! It might make more sense to simply provide the refresh-token as the Bearer Authentication, with no JSON body.

Requirements

  • Determine, with @joshuagraber, whether this indeed makes the most sense, or if we should stick with the original (or an alternative design)
  • Whatever we decide on, implement it!

Tests

  • The test for /refresh-session should additionally check to confirm that it still functions even when the previous access token is expired (which currently it does not do)

Docs

  • Documentation will need updated

Open questions

  • See above.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api back-end
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@maxachis