What if a user is logged in on two different devices? Then, when attempting to refresh a token, you may be grabbing the wrong token depending on how you query for it. Thus, you should find the one token that matches a specific token rather than any token linked to a given user.
Excellent vid. Thanks. But I have a big WHAT. IF. So this is my scenario: I log in with my user and password and I get my 10-minute access token that I can use for my requests. WHAT IF I log out just after 2 minutes and somehow hackers stole my access token? This access token is still valid even after logout, right? Hackers can still make requests during those 10 minutes. Is it possible to revoke an access token and not just the refresh token?
I am also facing the same issue. I am using the ID token provided by AWS, and even at sign-out it is still valid.
@nishantsrivastav4427 Yeah. You cannot get around it. That's why it's important to keep the expiration time very short.
I think for this, use sessions.
I've got one problem with this approach: if a refresh token expires there is no way to delete it from the DB. Any ideas how to fix it?
Why would you want to delete it if it expired?
Now, if you really wanted to delete expired tokens, you could accomplish this using a cron job.
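Below is an added example, not code from the video or from any commenter, that puts the two points of this thread side by side: the two-device refresh problem (the token must be looked up by the token itself, not by "any token for this user") and the cron-style cleanup of refresh tokens that expired without ever being presented. The class name, table layout, one-week `REFRESH_TTL`, and the sample users are assumptions made for the illustration; the store is an in-memory SQLite table so it runs offline.

```python
import hashlib
import secrets
import sqlite3
import time
from typing import Optional

# Added example (not the video's code). Every login on every device gets its
# own row, and every lookup, rotation and revocation goes by the hash of the
# token that was presented, so two sessions of one user cannot be confused.
# REFRESH_TTL, RefreshTokenStore and the column names are assumptions.

REFRESH_TTL = 7 * 24 * 3600  # assumed refresh-token lifetime: one week


def _hash(token: str) -> str:
    # Only a SHA-256 of the token is stored; a leaked table yields nothing usable.
    return hashlib.sha256(token.encode()).hexdigest()


class RefreshTokenStore:
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE refresh_tokens ("
            " token_hash TEXT PRIMARY KEY,"
            " user_id TEXT NOT NULL,"
            " device TEXT NOT NULL,"
            " expires_at INTEGER NOT NULL)"
        )

    def issue(self, user_id: str, device: str, now: float) -> str:
        """Mint a refresh token for one device; the plaintext is returned once."""
        token = secrets.token_urlsafe(32)
        self.db.execute(
            "INSERT INTO refresh_tokens VALUES (?, ?, ?, ?)",
            (_hash(token), user_id, device, int(now + REFRESH_TTL)),
        )
        self.db.commit()
        return token

    def device_by_user_only(self, user_id: str) -> Optional[str]:
        """The wrong query from the comment: 'any token for this user'.
        Whichever device is refreshing, the first row for the user comes back."""
        row = self.db.execute(
            "SELECT device FROM refresh_tokens WHERE user_id = ? ORDER BY rowid LIMIT 1",
            (user_id,),
        ).fetchone()
        return row[0] if row else None

    def rotate(self, presented: str, now: float) -> Optional[str]:
        """Correct: match the presented token's hash. The old token is always
        consumed; a replacement is issued only if it was still unexpired."""
        h = _hash(presented)
        row = self.db.execute(
            "SELECT user_id, device, expires_at FROM refresh_tokens WHERE token_hash = ?",
            (h,),
        ).fetchone()
        if row is None:
            return None  # unknown, already rotated, or revoked
        user_id, device, expires_at = row
        self.db.execute("DELETE FROM refresh_tokens WHERE token_hash = ?", (h,))
        self.db.commit()
        if expires_at <= now:
            return None  # expired: consumed and gone, the client must log in again
        return self.issue(user_id, device, now)

    def device_of(self, presented: str) -> Optional[str]:
        row = self.db.execute(
            "SELECT device FROM refresh_tokens WHERE token_hash = ?",
            (_hash(presented),),
        ).fetchone()
        return row[0] if row else None

    def revoke(self, presented: str) -> bool:
        """Logout for one device only: the other device's token survives."""
        cur = self.db.execute(
            "DELETE FROM refresh_tokens WHERE token_hash = ?", (_hash(presented),)
        )
        self.db.commit()
        return cur.rowcount == 1

    def purge_expired(self, now: float) -> int:
        """The cron-job cleanup suggested in the thread: bulk-delete rows whose
        expiry has passed without the token ever being presented."""
        cur = self.db.execute(
            "DELETE FROM refresh_tokens WHERE expires_at <= ?", (int(now),)
        )
        self.db.commit()
        return cur.rowcount

    def active_count(self, user_id: str) -> int:
        return self.db.execute(
            "SELECT COUNT(*) FROM refresh_tokens WHERE user_id = ?", (user_id,)
        ).fetchone()[0]


if __name__ == "__main__":
    store = RefreshTokenStore()
    t0 = time.time()
    phone = store.issue("alice", "phone", t0)
    laptop = store.issue("alice", "laptop", t0)
    print("laptop refreshing, query by user only ->", store.device_by_user_only("alice"))
    new_laptop = store.rotate(laptop, t0 + 60)
    print("laptop refreshing, query by token ->", store.device_of(new_laptop))
    print("phone still valid ->", store.device_of(phone))
```

Rotation deletes the presented row before checking expiry, so an expired token is removed the moment it is used; `purge_expired` only has to catch the ones that were never presented again, which is exactly the cron-job case the reply describes.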
Awesome ++++++++++++++++++++++
Do you have any plan for Rust language?
I plan to, but we will see.