JWT auth with refresh token rotation and blacklisting
Views 1.1K · Copies 280 · Likes 145 · Comments 0 · Copy rate 25.0%
Prompt
Implement a complete JWT authentication system for a [framework] application with:
1. Short-lived access tokens ([access_ttl] expiry)
2. Long-lived refresh tokens (7-day expiry) with automatic rotation
3. Refresh token stored in HttpOnly cookie (not localStorage)
4. Token blacklisting on logout using Redis
5. Refresh token reuse detection (if a used token is replayed, revoke ALL tokens for that user)
6. Concurrent session support (user can be logged in on multiple devices)
7. Proper error responses (401 for expired, 403 for blacklisted)
Include: auth controller, service, guards, and middleware.
Example output