[DSI-4.5] Implementar el refresh token && [DSI-4.6] Modificar el frontend con el nuevo microservicio y usar Http-only para los tokens#33
Open
davposmar wants to merge 28 commits into
Open
Conversation
- inital http, https, mtls clients - Add extra port using mtls
- Proxy - API-INTERNAL-KEY - handle some errors - Build and excute request (http, https, mTLS)
- new internal filter - fixed request's body
- filters abstraction (Internal and Jwt) - get token objects - Add some docs about the framework ( not finished )
- Change SecurityUtils using framewrok option - Change jwt filter and add internal filter
- RateLimit configuration - Jwt parser - Auth makes request to Delivera
- delivera db doesn't contains password anymore. - registers now send a mTLS request to add the user. - change username updates auth db using mTLS. - remove an user if u removes a worker an there aren't no more workers related to.
…feature/Auth-service
- add max expired at of token - Use instant instead of LocalDateTime - InvalidRefreshToken removes cookie
- refresh jwt one minute before it expires - creates and use DeviceId
This was
linked to
issues
Jul 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resumen
Se ha añadido el mecanismo de los refresh token el cual consiste en una petición cuando al jwt le queda un minuto para expirar haciendo un refresh del token de sesión con esto se quiere reducir el tiempo de vida del jwt para mitigar los impactos de posibles robos, aunque no se ha movido este a una cookie del tipo http-only por motivos de infraestructura, por otra parte el token de larga duración si es http-only, este token está compuesto por dos UUID unidos por un “.” siendo la primera parte el identificador y la segunda el secret, es prácticamente imposible adivinar una combinación entera dado que son 2^244 combinaciones, además en cada refresh se hace una nueva combinación.
Issues relacionados
PR: Closes #10 #9
Cambios realizados
Tipo de cambio
Checklist