Y
Hacker News
new
|
ask
|
show
|
jobs
by
allset_
1821 days ago
Agreed. Long(er) lived refresh tokens, and then having signed access tokens such as JWTs so that the API server doesn't have to hit the database on every request.