What is the usual flow in authenticating a Client Application with a Token based REST API?
ｅｎｄａｎ Feb 11
Hello everyone. I'm really stuck right now and can't progress. I am having a hard time conceiving the proper flow for authenticating a client app with token-based API authentication.
Here's what I have so far:
Client app provides a login screen ->
Client app sends a /POST request to the /api/auth route ->
API checks if the user exists, returns Access token and Refresh token ->
Client app saves the access token as http-only cookie or localStorage ->
... stuck (Don't know what to do with the Refresh Token)
My train of thought gets stuck at this part.
If I have the users collection on the API side, then how should I store my Refresh Token? I know it's recommended to store it in a database or somewhere secure.
But won't that mean I have a duplicate users table, or something like that?
I don't really know how to proceed, and I think I haven't read excellent source material about this flow before.
If you have a tutorial to help me, or any recommendations, I'll gladly accept. I'm stuck. 😢
Thanks. Hope dev.to can help me.