003 - Move from cookie sessions to JWT Access + refresh tokens

Date: 2024-02-01

Status: accepted

Context

Previously, Shipclojure used cookie sessions for authentication; however, this did not fit well with the SPA model.

Moving to JWT tokens helps so that in the future we

Decision

Shipclojure will change its authentication strategy to JWT access + refresh tokens, with refresh token rotation.
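An added illustration of the access + refresh token scheme with rotation named in the decision above; it is not Shipclojure's code and is written in Python. The 5-minute access lifetime, the in-memory store, the function names, and revoking a whole token family when an already-used refresh token reappears are assumptions of this example.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # constructed signing key for the demo
ACCESS_TTL = 300                   # assumed 5-minute access token lifetime
_refresh = {}                      # sha256(refresh token) -> {"user", "family", "used"}
_revoked = set()                   # families revoked after reuse was detected

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _sign(msg: str) -> str:
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def access_token(user: str, now: float) -> str:
    """Short-lived HS256 JWT; the server keeps no state for it."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": int(now) + ACCESS_TTL}).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify_access(token: str, now: float):
    """Return the subject, or None if the signature is bad or the token expired."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{head}.{body}")):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return claims["sub"] if claims["exp"] > now else None

def _issue(user: str, family: str, now: float):
    refresh = secrets.token_urlsafe(32)   # opaque random value, stored only as a hash
    _refresh[hashlib.sha256(refresh.encode()).hexdigest()] = {
        "user": user, "family": family, "used": False}
    return access_token(user, now), refresh

def login(user: str, now: float):
    """Start a new token family after the initial verification (e.g. OAuth)."""
    return _issue(user, secrets.token_hex(8), now)

def rotate(refresh: str, now: float):
    """Exchange a refresh token for a new pair; each refresh token works once."""
    rec = _refresh.get(hashlib.sha256(refresh.encode()).hexdigest())
    if rec is None or rec["family"] in _revoked:
        return None
    if rec["used"]:                       # replay of an already rotated token:
        _revoked.add(rec["family"])       # revoke every descendant as well
        return None
    rec["used"] = True
    return _issue(rec["user"], rec["family"], now)
```

Access tokens issued before a family is revoked remain valid until their `exp`, which is why the access lifetime is kept short. Refresh token expiry is left out of this example.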

Consequences

Cookie sessions will still be available for OAuth as the initial verification, but authentication throughout the application will work through JWT.

See authentication docs for details on how the system works and how to do most things.
