Sunday 26 January 2020

Persisting a login via JWT

Hey,

I want to make an application with a mobile and web client. It will have a Node.js REST or GraphQL API.

I've heard that the best way to authenticate when having independent frontend and backend is JWT. I've understood the basics of JWT, but I have a question about the persistence of your JWT.

When the token expires, what do you do? I can't just request another login, that would just be annoying.

What do I do when the data in the payload changes on the server? I would have to invalidate all existing tokens, because they contain wrong payload data. But then the user would have to log in again, which I want to avoid at all costs.

So how do I avoid the need of logging in again when a token expires or I have to invalidate it because of a change of data on the server?

Submitted January 26, 2020 at 12:46PM by thisw4y
