Closed
Description
Generate our own refresh token:
We could generate a token that's exactly the same as the authentication token, but with an extended lifespan (we need to use a custom TimestampSigner that uses not the current time, but current time + REFRESH_TIMEDELTA as its timestamp). The only difference between the authentication token and the refresh token would be that the refresh token has a longer lifespan. Then, we would add another endpoint.
Tasks:
- Create a refresh token (0d) @VakarisZ
- Modify login and registration to return refresh token (0d) @VakarisZ
- Add an endpoint that allows you to log in with a refresh token
- Make a refresh token distinct from access token @VakarisZ
- Add logic to the agent to use the refresh token (0d) - @shreyamalviya
- Adjust the times for refresh and authentication token (0d) @VakarisZ
- Redesign refresh strategy (1.25d)
- BB test to verify old tokens are invalid after refresh
- Add expiration time to all responses with tokens
- Modify the agent to use the new scheme
- Make the agent's HTTPIslandAPIClient multiprocessing-safe @cakekoa
- Add logic to the UI to use the refresh token @ilija-lazoroski
- Cleanup vulture allowlist
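
An added example (not code from this issue or the project) of the scheme described above: a timestamp signer that stamps tokens with current time + REFRESH_TIMEDELTA, with a per-purpose key so that a refresh token is distinct from an access token. It is a standard-library HMAC stand-in for a TimestampSigner; the class name, the key, the `purpose` labels and both lifetimes are assumptions.

```python
import base64, hashlib, hmac, time
from datetime import timedelta

SECRET_KEY = b"constructed-demo-key"     # constructed value, not a real secret
TOKEN_MAX_AGE = timedelta(minutes=15)    # assumed access-token lifetime
REFRESH_TIMEDELTA = timedelta(hours=8)   # assumed extra lifetime for refresh tokens

class OffsetTimestampSigner:
    """Hypothetical stand-in: signs "payload.timestamp", timestamp = now + offset."""

    def __init__(self, key, purpose, offset=timedelta(0)):
        # Derive a per-purpose key so tokens of one type fail verification as another.
        self._key = hmac.new(key, purpose.encode(), hashlib.sha256).digest()
        self._offset = int(offset.total_seconds())

    def _mac(self, body):
        digest = hmac.new(self._key, body, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(digest)

    def sign(self, payload, now=None):
        now = int(time.time()) if now is None else now
        body = f"{payload}.{now + self._offset}".encode()
        return (body + b"." + self._mac(body)).decode()

    def unsign(self, token, max_age, now=None):
        now = int(time.time()) if now is None else now
        body, _, mac = token.encode().rpartition(b".")
        # Constant-time comparison; the MAC covers both payload and timestamp.
        if not hmac.compare_digest(mac, self._mac(body)):
            raise ValueError("bad signature")
        payload, _, stamp = body.decode().rpartition(".")
        if now - int(stamp) > max_age.total_seconds():
            raise ValueError("token expired")
        return payload

access_signer = OffsetTimestampSigner(SECRET_KEY, "access")
refresh_signer = OffsetTimestampSigner(SECRET_KEY, "refresh", REFRESH_TIMEDELTA)

def is_valid(signer, token, now):
    """True if the token verifies under this signer and is within TOKEN_MAX_AGE."""
    try:
        signer.unsign(token, TOKEN_MAX_AGE, now)
        return True
    except ValueError:
        return False
```

If both signers shared one purpose label, the longer-lived token would also verify as an access token; the separate derived keys prevent that.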