To implement Refresh Token Rotation Automatic Reuse Detection without storing all refresh tokens descending from the original one, you can create a tokenFamily property in your database model and check for unregistered descendants. I did not go into full details on how I implemented the whole authentication process in this article, but if you want, you can check the source code in the project's repository on GitHub.
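A minimal sketch of the family-based check described above, added here as an example and not taken from the article's repository. It assumes an in-memory `Map` in place of the database model, a constructed token format `<family>.<nonce>.<mac>`, and hypothetical function names `issueRefreshToken` and `rotateRefreshToken`.

```javascript
const crypto = require('node:crypto');

// Assumption: an in-memory Map stands in for the refresh-token table.
// One row per family: family id -> SHA-256 of the only token currently valid.
const families = new Map();
const SECRET = crypto.randomBytes(32); // server-side HMAC key (constructed)

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const sign = (body) =>
  crypto.createHmac('sha256', SECRET).update(body).digest('base64url');

// Mint "<family>.<nonce>.<mac>" and register it as the family's current token.
function mint(family) {
  const body = `${family}.${crypto.randomBytes(32).toString('base64url')}`;
  const token = `${body}.${sign(body)}`;
  families.set(family, sha256(token)); // overwrites the previous descendant
  return token;
}

// Login: start a new token family.
function issueRefreshToken() {
  return mint(crypto.randomUUID());
}

// Refresh: returns { ok, token } on success or { ok: false, reason }.
function rotateRefreshToken(presented) {
  const parts = String(presented).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [family, nonce, mac] = parts;
  const expected = Buffer.from(sign(`${family}.${nonce}`));
  const given = Buffer.from(mac);
  // Verify the MAC first so a forged token cannot trigger a family revocation.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const current = families.get(family);
  if (!current) return { ok: false, reason: 'family-revoked' };
  if (current !== sha256(presented)) {
    // Genuine token of a live family that is not the registered descendant:
    // an already-rotated token is being replayed, so revoke the whole family.
    families.delete(family);
    return { ok: false, reason: 'reuse-detected' };
  }
  return { ok: true, token: mint(family) };
}
```

Only one hash per family is stored; a replayed ancestor is recognised because its MAC verifies but its hash no longer matches the registered descendant.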
You can add a family property in your refresh tokens model in the database; this is my model using Prisma ORM:
While studying how to implement refresh token rotation in a Node.js project, I came across this blog post from Auth0: What Are Refresh Tokens and How to Use Them Securely. In the section where they explain Refresh Token Automatic Reuse Detection, it is said: