I spent this week mainly on learning and implementing refresh token mechanism on both the backend and frontend. I didn’t know it would take me this long, but it is my first encounter with refresh tokens and working on my own authentication service. After spending most of the week on this topic I had to switch to something else to take a break from authentication & tokens for a while.
I will be back to complete the authentication this week. The only thing left is to automate sending a refresh token request when the token expires. For now, I do it with an additional button.
After spending so much time on the authentication part, I’m wondering if there is an easiest way to do this (using some 3rd party service i.e.).
Another thing that boders me is that after reading many articles, I still don’t understand how to use httponly cookies properly.
But all in all I’m glad I spent so much time on this part becasue I feel like I learned a lot and when I finally figure it out, I can reuse it in other applications.
what did I do last week?
๐ถ implemented refresh tokens in authentication API (backend)
๐ถ implemented usage refresh tokens in Angular app (it is not automated yet)
๐ถ added user profile component
๐ถ fixed buttons appearance
๐ถ I prototyped a scoring strategy and started implementing it. I added another layer to my app. Now, when the user selects a question category they will be asked to select a question level (junior, mid, senior). Each level will be rewarded differently. I also want to introduce two modes: study and test.
what was the biggest impediment?
- searching for what is the best place to store refresh tokens (and I’m still not sure)
- refreshing tokens automatically when token expires (for now I’m invoking the refresh by button because I spent too much time on it and wanted to move to something else)
what is the plan for next week?
- automate refresh tokens in frontend
- finish implementation of the new scoring strategy
- implement two modes: study and test
time spent
- from last week
21h 30m - overall
139h 0m
costs
- from last week
0 $ - overall
32 $
summary
I feel like I made a milestone this week. There may still be some work left to make refresh tokens fully automatic but authentication and authorization are finally working and that was the most confusing part of the development for me.