Add refresh tokens + revocation to Auth (#164) #178
Merged
Builds on the Auth module (#163). login now issues a long-lived refresh token alongside the short-lived access JWT; adds Auth.refresh/1 and Auth.logout/1. Part of the authentication epic (#161).

- login/2 returns %{user, access_token, refresh_token}.
- refresh/1: validates by token hash, rotates (presented token is single-use), returns a fresh %{access_token, refresh_token}; expired/unknown/rotated -> invalid_token.
- logout/1: deletes the token row (idempotent -> ok).
- Refresh tokens are opaque high-entropy random strings; only the SHA-256 hash is stored in an auth_tokens table, so a DB leak doesn't expose live sessions. Revocation = row deletion (works now that #172 makes records carry id).
- New config: auth.token_schema (default auth_token), auth.refresh_token_ttl (default 30d). Documents the AuthToken schema + auth_tokens migration.
- Tests: fake repo gains delete/1 + a non-reusing id counter; 6 new tests (login returns refresh, rotate+invalidate-old, logout revokes, expired, unknown, and an e2e resolution test). 18/18 auth tests; full suite 740 (only the pre-existing esqlite-NIF failure).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary

Adds refresh tokens with rotation + revocation to the Auth module — sub-issue C (#164) of the authentication epic (#161), building directly on #163. Branches off develop (which now has #163 via #177), so no stacking issues this time.

Design

- login/2 now returns %{user, access_token, refresh_token}.
- refresh/1 looks the token up by hash, and if unexpired rotates it (old row deleted = single-use), returning a fresh access+refresh pair. Expired / unknown / already-rotated → :invalid_token.
- logout/1 deletes the token row; idempotent.
- Refresh tokens are opaque high-entropy random strings; only the SHA-256 hash is stored in an auth_tokens table, so a DB leak doesn't expose live sessions. (SHA-256, not PBKDF2 — the token is already high-entropy, and a fast hash keeps lookup a single indexed query.)
- Revocation = row deletion, which works now that #172 makes Repo records carry id.
- New config: auth.token_schema (default auth_token), auth.refresh_token_ttl (default 30d).

Testing

- 6 new tests, including an e2e resolution test through Auth.refresh. 18/18 auth tests pass.
- Fake repo gains delete/1 and a monotonic id counter (so rotation can't hit an id collision).
- Full suite 740; the only failure is the pre-existing winn_sqlite_tests esqlite-NIF environmental failure.

Docs

- docs/modules.md: AuthToken schema + auth_tokens migration, Auth.refresh / Auth.logout sections, updated router + JS example (silent-refresh-on-401, logout).
- docs/stdlib.md + CHANGELOG updated.

Part of #161. Closes #164 once merged.
🤖 Generated with Claude Code
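The design described in the PR (opaque high-entropy refresh token, hash-only storage, single-use rotation, expiry check, idempotent logout) is shown below as an added, self-contained Elixir illustration. It is not the project's Auth module or its Repo: the `auth_tokens` table is replaced by a plain map keyed by token hash, the module name `RefreshTokenDemo` and its function shapes are assumptions, and the 30-day TTL mirrors the PR's `auth.refresh_token_ttl` default.

```elixir
defmodule RefreshTokenDemo do
  @moduledoc """
  Added illustration, not the project's code. Models the refresh-token
  lifecycle from the PR with a map standing in for the auth_tokens table:
  store maps sha256(token) -> %{user_id, expires_at}.
  """

  # Mirrors the PR's 30d default for auth.refresh_token_ttl (assumption: seconds).
  @ttl_seconds 30 * 24 * 60 * 60

  # Opaque, high-entropy token: 32 random bytes, URL-safe base64, no padding.
  def generate_token, do: :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)

  # Only this digest is persisted. A fast hash is enough because the input is
  # already 256 bits of randomness, and it keeps lookup a single indexed query.
  def token_hash(token), do: :crypto.hash(:sha256, token) |> Base.encode16(case: :lower)

  # login/2 analogue: hand the plaintext token to the client, store hash + expiry.
  def issue(store, user_id, now) do
    token = generate_token()
    row = %{user_id: user_id, expires_at: now + @ttl_seconds}
    {token, Map.put(store, token_hash(token), row)}
  end

  # refresh/1 analogue: unknown, already-rotated or expired -> :invalid_token.
  # A valid token is consumed (its row deleted) before a fresh one is issued,
  # so presenting the same token twice fails on the second attempt.
  def refresh(store, token, now) do
    hash = token_hash(token)

    case Map.fetch(store, hash) do
      {:ok, %{expires_at: exp, user_id: uid}} when exp > now ->
        {new_token, store} = issue(Map.delete(store, hash), uid, now)
        {:ok, new_token, store}

      _ ->
        {:error, :invalid_token, store}
    end
  end

  # logout/1 analogue: revocation is row deletion; deleting a missing row is still :ok.
  def logout(store, token), do: {:ok, Map.delete(store, token_hash(token))}

  # Walks the lifecycle; every match below raises MatchError if the behaviour differs.
  def demo do
    now = System.system_time(:second)
    {t1, store} = issue(%{}, 42, now)

    # Rotation: t1 is accepted once and replaced by t2.
    {:ok, t2, store} = refresh(store, t1, now + 60)

    # Replay of the rotated token is rejected.
    {:error, :invalid_token, store} = refresh(store, t1, now + 61)

    # Past the TTL the live token is rejected as well.
    {:error, :invalid_token, _} = refresh(store, t2, now + @ttl_seconds + 1)

    # Logout revokes and is idempotent; the revoked token no longer refreshes.
    {:ok, store} = logout(store, t2)
    {:ok, store} = logout(store, t2)
    {:error, :invalid_token, _} = refresh(store, t2, now + 120)

    :ok
  end
end
```

Run `RefreshTokenDemo.demo()` in `iex`; it returns `:ok` only if rotation, replay rejection, expiry and idempotent logout all behave as the PR describes. Because the store holds hashes only, dumping it yields nothing a client could present as a refresh token, which is the property the PR's SHA-256 choice is meant to provide.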