|
179f5753ed
|
Implement a token endpoint - currently all tokens last forever and can't be revoked, but I can add revocation later without too much trouble
|
2017-11-03 17:18:00 +11:00 |
|
|
9add6be8e4
|
Remove the pointless verify_auth_code wrapper - it's easier to do the verification work in the view anyway
|
2017-11-03 16:40:09 +11:00 |
|
|
ab810a8f94
|
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant
|
2017-11-03 16:14:30 +11:00 |
|
|
43a56e865e
|
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for
|
2017-11-03 15:51:27 +11:00 |
|
|
40810d6310
|
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes
|
2017-11-03 14:37:39 +11:00 |
|
|
6f6bb4e534
|
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter
|
2017-11-03 14:33:27 +11:00 |
|
|
1c09be1b1c
|
Switch from database-persisted auth codes to stateless JSON Web Tokens :)
|
2017-11-02 16:36:16 +11:00 |
|