I want to create a user management system, wherein users register, log in, perform some actions abstracted by an API, and log out.
Users sign in with a password and email/username.
The authentication system I want to achieve has the following goals.
- The API generates unique tokens for a user if he/she signs on from different devices or browsers.
- It verifies the token on every request, maybe using Auth headers.
- It invalidates a token based on some time, and on the expiry of that time it regenerates a token and refreshes it on the client side automatically. What if the client is inactive for a long time and the token expires? What should be done then?
- It logs the user out.
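The following is an added example (not code from the question or from any particular framework) showing one way to meet the four goals above with opaque bearer tokens: one token per device, a per-request check against an `Authorization: Bearer` header, a sliding idle timeout plus an absolute lifetime, explicit rotation of a still-valid token, and logout for one device or all of them. The idle and absolute lifetimes, the user and device names, and the injectable `now` clock are assumptions made for the example; the answer to the "inactive for a long time" question is visible in `verify` and `rotate`: an expired token cannot be refreshed, the server forgets it and the client must log in again.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Lifetimes are constructed values for this example, not taken from the question.
IDLE_TIMEOUT = 15 * 60          # seconds of inactivity after which a token dies
ABSOLUTE_LIFETIME = 12 * 3600   # hard cap on a session regardless of activity


@dataclass
class Session:
    user_id: str
    device_id: str
    created_at: float
    expires_at: float


class TokenService:
    """Opaque per-device bearer tokens. Only SHA-256 digests of the tokens are
    stored, so a copied session table does not yield usable tokens."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}  # digest -> Session

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, device_id: str, now: float) -> str:
        """Call after the email/password check succeeds. Each device gets its own
        token; a fresh login on the same device replaces that device's old token."""
        for d, s in list(self._sessions.items()):
            if s.user_id == user_id and s.device_id == device_id:
                del self._sessions[d]
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = Session(
            user_id, device_id, now, now + IDLE_TIMEOUT)
        return token

    def verify(self, token: str, now: float) -> Optional[Session]:
        """Per-request check. Returns the session and slides its expiry forward,
        or None (forgetting the token) once the idle or absolute limit has passed."""
        d = self._digest(token)
        s = self._sessions.get(d)
        if s is None:
            return None
        if now >= s.expires_at or now >= s.created_at + ABSOLUTE_LIFETIME:
            del self._sessions[d]   # expired: the client has to log in again
            return None
        s.expires_at = min(now + IDLE_TIMEOUT, s.created_at + ABSOLUTE_LIFETIME)
        return s

    def rotate(self, token: str, now: float) -> Optional[str]:
        """Regenerate the token of a still-active session and revoke the old one.
        Returns None if the token has already expired: an idle client cannot
        refresh its way back in, it must authenticate again."""
        s = self.verify(token, now)
        if s is None:
            return None
        del self._sessions[self._digest(token)]
        new = secrets.token_urlsafe(32)
        self._sessions[self._digest(new)] = Session(
            s.user_id, s.device_id, s.created_at, s.expires_at)
        return new

    def logout(self, token: str) -> bool:
        """Log out one device. True if the token was live."""
        return self._sessions.pop(self._digest(token), None) is not None

    def logout_all(self, user_id: str) -> int:
        """Log the user out everywhere (e.g. after a password change)."""
        doomed = [d for d, s in self._sessions.items() if s.user_id == user_id]
        for d in doomed:
            del self._sessions[d]
        return len(doomed)


def bearer_token(headers: Dict[str, str]) -> Optional[str]:
    """Extract the token from 'Authorization: Bearer <token>'; scheme is case-insensitive."""
    value = headers.get("Authorization") or headers.get("authorization") or ""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def demo() -> dict:
    """Walk through the four goals with a fake clock; returns the observations."""
    svc = TokenService()
    t0 = 1_000_000.0
    phone = svc.issue("alice", "phone", t0)      # constructed user and devices
    laptop = svc.issue("alice", "laptop", t0)
    out = {"distinct_per_device": phone != laptop}
    hdr = {"Authorization": f"Bearer {phone}"}
    out["verified_user"] = svc.verify(bearer_token(hdr), t0 + 60).user_id
    rotated = svc.rotate(phone, t0 + 120)
    out["old_token_dead_after_rotate"] = svc.verify(phone, t0 + 121) is None
    out["new_token_live"] = svc.verify(rotated, t0 + 121) is not None
    # laptop sat idle past the timeout: its token is gone, so that client re-logs in
    out["idle_expired"] = svc.verify(laptop, t0 + IDLE_TIMEOUT + 1) is None
    out["logout_ok"] = svc.logout(rotated)
    out["after_logout"] = svc.verify(rotated, t0 + 122) is None
    out["bad_header"] = bearer_token({"Authorization": "Basic abc"})
    return out
```

Two design points worth noting: the store keeps only digests, so verification hashes the presented token and looks up the digest rather than comparing raw secrets; and because every check consults the server-side table, logout and rotation take effect immediately, which a purely self-contained signed token cannot offer without an extra revocation list.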