🚀
ShipClojure
  • README
  • Development
    • Getting Started
    • REPL Workflow
    • AI Development with ShipClojure
    • Getting Updates
    • Formatting code
    • ShipClojure Guiding Principles
  • Backend
    • Migrations
    • Secrets
    • Routing
    • ShipClojure Blog
    • Email
  • Frontend
    • UIx + re-frame
    • HTTP Requests with Re-frame
    • Frontend Navigation with Re-frame
    • Toast Notifications
    • Icons
  • Server Side Rendering
    • Static/Landing pages
  • Auth
    • How Auth works
    • Oauth2 providers
  • Deployment
    • Deployment
  • Decisions
    • 001 - Cookie Sessions
    • 002 - Single Page Application Architecture
    • 003 - Re-frame instead of Refx
    • 003 - Move from cookie sessions to JWT Access + refresh tokens
Powered by GitBook
On this page
  • Context
  • Decision
  • Consequences
  1. Decisions

003 - Move from cookie sessions to JWT Access + refresh tokens

Previous003 - Re-frame instead of Refx

Last updated 1 month ago

Date: 2024-02-01

Status: accepted

Context

Previously ship clojure was using cookie sessions to do authentication however it wasn't fitting well with the SPA model.

Moving to JWT tokens helps so that in the future we

Decision

Shipclojure will change authentication strategy to JWT access + refresh token and refresh token rotation.

Consequences

Cookie session will still be available for oauth as the initial verification but authentication throughout the application will work through JWT.

See docs for details on how the system works and how to do most things.

authentication