OptimusX
/
OneAuth
mirror of https://github.com/veypi/OneAuth.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v4
v3
v2
v1.2.0
v1.1.0
v1.1.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4c021e7e93'
${ noResults }
OneAuth/auth
History
veypi 4c021e7e93 refactor(auth): Migrate token delivery to HttpOnly Cookie with version-based revocation 
- Replace JWT in response body with HttpOnly Cookie (vb_access/vb_refresh) to prevent XSS token theft
    - Add Redis-based token version management with ±1 tolerance for multi-tab concurrent refresh
    - Implement strict refresh token rotation: version must match exactly, increment on each refresh
    - Simplify JWT Claims to only carry UserID + Type + Version, remove user profile fields
    - Remove session-based token tracking and cache blacklist in favor of version increment revocation
    - Remove getAuthHeaders, wrapAxios, wrapFetch, isExpired from frontend VBase client
    - Remove client-side token/localStorage management, frontend now relies on Cookie auto-attach
    - Add CookiePath config option and change default access token expiry from 24h to 15min
    - Update Vigo app initialization to use functional options pattern
    - Add empty-body cookie read fallback in refresh endpoint
 		3 weeks ago
..
auth.go refactor(auth): Migrate token delivery to HttpOnly Cookie with version-based revocation 3 weeks ago
design.md refactor(auth): Add permission validation and update design docs 3 months ago