Phase 2.3: Complete JWT Authentication with token rotation and revocation
- Fixed DateTime timestamp issues (use timestamp_millis instead of to_millis) - Implemented token rotation: old refresh tokens revoked on refresh - Implemented logout revocation: tokens immediately marked as revoked - Removed rate limiting (deferred to Phase 2.6) - Created comprehensive verification report - Updated STATUS.md All Phase 2.3 objectives complete: ✅ JWT Access Tokens (15 min expiry) ✅ JWT Refresh Tokens (30 day expiry) ✅ Token Rotation ✅ Token Revocation ✅ PBKDF2 Password Hashing ✅ Auth endpoints (register, login, refresh, logout) ✅ Protected routes with JWT middleware ✅ Health check endpoints Compiles successfully with only unused code warnings.
This commit is contained in:
goose
parent
8b2c13501f
commit
02b24a3ac1
6 changed files with 480 additions and 55 deletions
|
|
@ -4,9 +4,9 @@ DATABASE_NAME=normogen
|
|||
|
||||
# JWT Configuration
|
||||
JWT_SECRET=your-secret-key-here-change-in-production
|
||||
JWT_ACCESS_TOKEN_EXPIRATION=900
|
||||
JWT_REFRESH_TOKEN_EXPIRATION=604800
|
||||
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
|
||||
JWT_REFRESH_TOKEN_EXPIRY_DAYS=30
|
||||
|
||||
# Server Configuration
|
||||
HOST=127.0.0.1
|
||||
PORT=8000
|
||||
SERVER_HOST=127.0.0.1
|
||||
SERVER_PORT=8000
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue