No worries! I think it's awesome you're doing this in a second language.
I'm glad you were able to sort your issue out from the client side!
There is at least one potential issue I am aware of with my application.
If you sign in repeatedly (without signing out), the Redis store will keep creating refresh tokens. So it is possible you would add tons of entries in Redis!
From the "good guy" developer's perspective, you will define your client-side code to avoid this. But it would be good to have a safety mechanism or some logic to prevent this on the server.
Maybe sending a cookie with the client's ID (an ID that is unique per device/browser) in the authentication responses (sign in/sign up), and then checking this on incoming requests would be helpful, but I haven't thought this through yet.
I would be interested in seeing how services like Auth0 handle this in their API.
Best of luck with your app!
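One way to bound the refresh-token growth described in the comment above, as an added example that is not code from the original post or the application it discusses: key each token by user and device ID so a repeated sign-in replaces the old entry, and cap the entries per user because the device ID arrives in a client-controlled cookie. The class name, the cap, the lifetime and the in-memory dictionary standing in for Redis are all assumptions.

```python
import secrets
import time

MAX_TOKENS_PER_USER = 5              # assumed cap, not from the original post
REFRESH_TTL_SECONDS = 3 * 24 * 3600  # assumed refresh-token lifetime


class RefreshTokenStore:
    """In-memory stand-in for the Redis store (hypothetical layout:
    one entry per (user_id, device_id), similar to one Redis hash per user)."""

    def __init__(self, max_per_user=MAX_TOKENS_PER_USER, ttl=REFRESH_TTL_SECONDS):
        self.max_per_user = max_per_user
        self.ttl = ttl
        self._by_user = {}  # user_id -> {device_id: (token, expires_at)}

    def _prune(self, user_id, now):
        # Drop expired entries so they do not count against the cap.
        devices = self._by_user.get(user_id, {})
        for dev in [d for d, (_, exp) in devices.items() if exp <= now]:
            del devices[dev]
        return devices

    def issue(self, user_id, device_id, now=None):
        now = time.time() if now is None else now
        devices = self._prune(user_id, now)
        # Repeated sign-in from the same device replaces its token.
        devices.pop(device_id, None)
        # The device ID is client-supplied, so the cap is what bounds growth:
        # evict the entry that expires soonest (the oldest one issued).
        while len(devices) >= self.max_per_user:
            oldest = min(devices, key=lambda d: devices[d][1])
            del devices[oldest]
        token = secrets.token_urlsafe(32)
        devices[device_id] = (token, now + self.ttl)
        self._by_user[user_id] = devices
        return token

    def is_valid(self, user_id, device_id, token, now=None):
        now = time.time() if now is None else now
        entry = self._prune(user_id, now).get(device_id)
        return entry is not None and secrets.compare_digest(entry[0], token)

    def count(self, user_id):
        return len(self._by_user.get(user_id, {}))
```
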