Kharec/goyco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: note refresh token rotation and auth refresh/revoke endpoints

Browse Source
This commit is contained in:
Sandro CURY CAZZANIGA
2026-01-08 06:28:29 +01:00
parent 395cc299f3
commit 9ceaf35fd9
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -117,6 +117,8 @@ JWT_EXPIRATION=1
JWT_REFRESH_EXPIRATION=168 JWT_REFRESH_EXPIRATION=168
``` ```
Refresh tokens rotate on each successful refresh, the previous refresh token is invalidated.
### SMTP Configuration ### SMTP Configuration
```bash ```bash
@@ -203,6 +205,9 @@ It'll be more readable and easier to parse.
- `POST /api/auth/login` - Login user - `POST /api/auth/login` - Login user
- `GET /api/auth/confirm` - Confirm email - `GET /api/auth/confirm` - Confirm email
- `POST /api/auth/logout` - Logout user - `POST /api/auth/logout` - Logout user
- `POST /api/auth/refresh` - Refresh access token (rotates refresh token)
- `POST /api/auth/revoke` - Revoke a refresh token
- `POST /api/auth/revoke-all` - Revoke all refresh tokens for the current user
#### Posts #### Posts