The latest version of Litium 8.19 included the ability to control the application token lifetime in the Storefront API for the JWT tokens.
This is a feature we were waiting on, but we realized that it would be good if we could also have some sort of refresh token support.
As JWT tokens cannot be invalidated in any way, having a long-lived token could be pretty bad. It would be great if, on sign-in, we also got a refresh token which can be used to refresh the session to the Storefront API.
For a long-lived token this could be a big security issue, as the JWT session token could get hijacked and be used by a malicious actor, especially if the user has administrator access to the Storefront API and can delete information.
It would be nice if the refresh token also had a configurable lifetime, as we partners can then control the security on our own depending on customer needs.