normogen

History

goose 203c0b4331 Research: JWT authentication selected - Comprehensive JWT research completed - JWT with refresh tokens selected (9.5/10 score) - Token revocation strategies (blacklist + versioning) - Refresh token pattern (token rotation) - Zero-knowledge password recovery integration - Family member access control (permissions in JWT) Key decisions: - Access tokens: 15 minutes (short-lived) - Refresh tokens: 30 days (long-lived, stored in MongoDB) - Token rotation: Prevents reuse of stolen tokens - Token versioning: Invalidate all tokens on password change - Recovery phrases: Zero-knowledge password recovery from encryption.md - Family permissions: parent, child, elderly roles Updated tech stack decisions Next: Database schema design (MongoDB collections)	2026-02-14 12:44:33 -03:00
..
research	Research: JWT authentication selected	2026-02-14 12:44:33 -03:00

goose 203c0b4331 Research: JWT authentication selected

- Comprehensive JWT research completed
- JWT with refresh tokens selected (9.5/10 score)
- Token revocation strategies (blacklist + versioning)
- Refresh token pattern (token rotation)
- Zero-knowledge password recovery integration
- Family member access control (permissions in JWT)

Key decisions:
- Access tokens: 15 minutes (short-lived)
- Refresh tokens: 30 days (long-lived, stored in MongoDB)
- Token rotation: Prevents reuse of stolen tokens
- Token versioning: Invalidate all tokens on password change
- Recovery phrases: Zero-knowledge password recovery from encryption.md
- Family permissions: parent, child, elderly roles

Updated tech stack decisions

Next: Database schema design (MongoDB collections)

2026-02-14 12:44:33 -03:00

research

Research: JWT authentication selected

2026-02-14 12:44:33 -03:00