1) Client
local login
Email, password + Server post request
social login
- sdk > get userInfo , access_token from OAuth Server
- Server post request
2) Server
local login
- JWT > make 'AccessToken' , 'RefreshToken'
- DB Save
- Res to Client : RefreshToken , userInfo , accessToken
social login
- JWT > save 'AccessToken' from Client + make 'RefresshToken'
- DB Save
- Res to Client : RefreshToken , userInfo , accessToken
3) Client
-
Header : AccessToken
-
Cookie : httpOnly , RefreshToken
-
( React ) useEffect > Req with refreshToken to Server to return 'accessToken
const refreshToken = () => {
req(refresh_Token)
.then(( { refresh_Token : { user, access_Token, expires_in } }) => {
client.setHeader('authorization' , 'Bearer ${token}' )
setTimeOut(() => {
refreshToken()
}, ( expires_in * 1000 ) - 500 )
})
.catch(console.log)
}
4) Server
ex) '/api/silent-auth'
-
with 'refreshToken' from Client > get 'accessToken' from 'refreshToken'
-
before 'accessToken being expired', repeat above process
Dream of being "물빵개" ( Go abroad for Dance and Programming)