Hacker News new | past | comments | ask | show | jobs | submit login

In my system the authentication strategy is the responsabilities of the clients. The auth system only provides tokens via the /auth and /refresh_token routes given respectively a usn/pwd or a valid token.

So the client can refresh the token when they are close to expire or just auth again after expiration.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: