003 - Move from cookie sessions to JWT Access + refresh tokens
Last updated
Last updated
Date: 2024-02-01
Status: accepted
Previously ship clojure was using cookie sessions to do authentication however it wasn't fitting well with the SPA model.
Moving to JWT tokens helps so that in the future we
Shipclojure will change authentication strategy to JWT access + refresh token and refresh token rotation.
Cookie session will still be available for oauth as the initial verification but authentication throughout the application will work through JWT.
See docs for details on how the system works and how to do most things.