Implementing token inactivity timeout with automatic expiry extend
Hi folks, I am using the ash_authentication password strategy with my resource configured to store all tokens, and require token presence.
The project has a VueJS frontend that communicates with the backend via GQL. When a user logs in, the frontend receives the token and includes it in the header as a bearer token. This is all working well.
I have set a short-lived token_lifetime, and would now like to add a way to log the user out after a period of inactivity, and also extend their session expiry whenever they make a request to keep them logged in beyond the initial expiry time. I have realised that this may be at odds with using JWTs as the token, as they are effectively tamper proof.
Any thoughts on how to implement this? I think what I actually want is closer to a session based login strategy, that doesn't use JWTs at all, and simply generates a random token to give to the frontend.
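The behaviour asked about above, as an added example that is not part of the original post and does not use ash_authentication's API: an opaque random token whose server-side record carries a last-seen time, so each request can slide the idle window while an absolute cap still applies. The module name, the in-memory map standing in for a database table, and both timeout values are assumptions.

```elixir
defmodule SessionSketch do
  # Hypothetical module (assumption): the map passed around as `store` stands in
  # for a database table keyed by token digest.
  @idle_timeout 15 * 60           # assumed value: seconds of inactivity allowed
  @absolute_lifetime 12 * 60 * 60 # assumed value: hard cap in seconds since login

  # Issue a random bearer token. Only its SHA-256 digest is stored, so a leaked
  # session table does not yield usable tokens.
  def issue(store, user_id, now) do
    token = Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)
    session = %{user_id: user_id, issued_at: now, last_seen: now}
    {token, Map.put(store, digest(token), session)}
  end

  # Validate a presented token and, if it is still live, slide the idle window.
  def touch(store, token, now) do
    key = digest(token)

    case Map.fetch(store, key) do
      {:ok, s} ->
        cond do
          now - s.issued_at >= @absolute_lifetime -> {{:error, :expired}, Map.delete(store, key)}
          now - s.last_seen >= @idle_timeout -> {{:error, :inactive}, Map.delete(store, key)}
          true -> {{:ok, s.user_id}, Map.put(store, key, %{s | last_seen: now})}
        end

      :error ->
        {{:error, :unknown}, store}
    end
  end

  # Logout is a server-side delete; the token stops working immediately.
  def revoke(store, token), do: Map.delete(store, digest(token))

  defp digest(token), do: :crypto.hash(:sha256, token)
end

# Constructed walk-through; times are seconds since login.
{token, store} = SessionSketch.issue(%{}, "user-1", 0)
{{:ok, "user-1"}, store} = SessionSketch.touch(store, token, 600)
{{:ok, "user-1"}, store} = SessionSketch.touch(store, token, 1_400)
{{:error, :inactive}, store} = SessionSketch.touch(store, token, 2_400)
{{:error, :unknown}, _store} = SessionSketch.touch(store, token, 2_401)
```

The request at 1,400 seconds succeeds even though it is past the initial 900-second window, because the request at 600 seconds moved the window forward; the request at 2,400 seconds fails after 1,000 idle seconds and the record is deleted.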
