
Refresh Token

Leandro Santiago Gomes edited this page Jan 30, 2023 · 1 revision

Behavior

As a user
I want to refresh my tokens
To continue accessing protected content

Description

Access tokens expire after a certain time. To continue accessing the system after this expiration, the user must send the refreshToken to a refresh route, which returns new access and refresh tokens.

graph TD
    r400([400 - Bad Request])
    r401([401 - Unauthorized])
    r403([403 - Forbidden])
    r200([200 - Ok])
    s((start)) 
    -->|User| s01[Request to refresh token]
    -->|API| s02[Check if request is valid]
    --> q01{is valid?}
    q01 -->|no| r400
    q01 -->|yes| q01y[Verify #quot;refreshToken#quot;]
    --> q02{is valid?}
    q02 -->|no| r401
    q02 -->|yes| q02y[Find #quot;userAuth#quot; to #quot;refreshToken#quot;]
    --> q03{is found?}
    q03 -->|no| r401
    q03 -->|yes| q03y[Check if #quot;userAuth#quot; is active]
    --> q04{is active?}
    q04 -->|no| r401
    q04 -->|yes| q04y[Find #quot;user#quot;]
    --> q05{is found?}
    q05 -->|no| r401
    q05 -->|yes| q05y[Check if #quot;user#quot; is active]
    --> q06{is active?}
    q06 -->|no| r403
    q06 -->|yes| q06y[Update #quot;userAuth#quot;]
    --> q07[Return new #quot;bearerAuth#quot;] -->r200

Types

interface Request {
  method: 'POST'
  headers: {
    authorization: `Bearer ${string}`
  }
}
interface Response {
  status: 200
  body: {
    type: 'Bearer'
    accessToken: string
    refreshToken: string
  }
}
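
The decision flow from the diagram, written out as an added TypeScript example (not the project's own code). Assumptions: tokens are opaque random hex strings rather than whatever format the project uses, `userAuth` and `user` live in in-memory Maps, and `login`, `newToken`, `REFRESH_TTL_MS` and the `expiresAt` field are hypothetical names. "Update userAuth" is assumed to rotate the refresh token so that the presented one stops working.

```typescript
import { randomBytes } from "node:crypto";

// Record shapes are assumptions; the page names only userAuth and user.
interface UserAuth { userId: string; active: boolean; expiresAt: number }
interface User { id: string; active: boolean }
type Bearer = { type: "Bearer"; accessToken: string; refreshToken: string };
type Result = { status: 400 | 401 | 403 } | { status: 200; body: Bearer };

const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // constructed value
const userAuths = new Map<string, UserAuth>(); // keyed by the current refreshToken
const users = new Map<string, User>();

// Opaque 256-bit token; stands in for the project's real token format.
const newToken = (): string => randomBytes(32).toString("hex");

// Hypothetical login helper so the flow has a session to refresh.
function login(userId: string, now: number = Date.now()): string {
  const refreshToken = newToken();
  userAuths.set(refreshToken, { userId, active: true, expiresAt: now + REFRESH_TTL_MS });
  return refreshToken;
}

function refresh(headers: { authorization?: string }, now: number = Date.now()): Result {
  // Check if request is valid: a Bearer authorization header must be present.
  const header = headers.authorization ?? "";
  if (!/^Bearer \S+$/.test(header)) return { status: 400 };
  const token = header.slice("Bearer ".length);
  // Verify refreshToken: well-formed here; expiry is checked on the stored record.
  if (!/^[0-9a-f]{64}$/.test(token)) return { status: 401 };
  // Find userAuth for the refreshToken, then check that it is active.
  const auth = userAuths.get(token);
  if (!auth || auth.expiresAt <= now) return { status: 401 };
  if (!auth.active) return { status: 401 };
  // Find user, then check that the user is active.
  const user = users.get(auth.userId);
  if (!user) return { status: 401 };
  if (!user.active) return { status: 403 };
  // Update userAuth: rotate, so the presented refreshToken stops working.
  userAuths.delete(token);
  const refreshToken = newToken();
  userAuths.set(refreshToken, { ...auth, expiresAt: now + REFRESH_TTL_MS });
  return { status: 200, body: { type: "Bearer", accessToken: newToken(), refreshToken } };
}
```

Every 401 branch returns the same response, so a caller cannot tell a malformed token from an unknown, expired or deactivated one.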