You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Or run it on your local machine by cloning the repo and running following commands
#Install dependencies
npm install
#Create environment variables file
cp ENV_SAMPLE .env
#Defaults should work for local setup. But on production, env variables should be set for your server e.g. API_URL, FRONTEND_URL, etc.
npm start
#Visit localhost:3000
Play around with the configurations
Read the cues at every page with more resources to go deeper into concepts
Just keep token expiry times short and rotate them often
Contingency Plans : allow the user to change an underlying user lookup ID with their login credentials
A common approach for invalidating tokens when a user changes their password is to sign the token with a hash of their password. Thus if the password changes, any previous tokens automatically fail to verify. You can extend this to logout by including a last-logout-time in the user's record and using a combination of the last-logout-time and password hash to sign the token. This requires a DB lookup each time you need to verify the token signature, but presumably you're looking up the user anyway.
