How to store & use access token & refresh token in OAuth 2.0 for persisting the logged-in state

hardik_aswal
June 16, 2021

I am able to generate an access token & refresh token for every user who allows access to their Jira account and then call the Jira APIs using the access token. I'd like to persist the logged-in state for every user indefinitely, and for that I am using the refresh token. The following is the flow of the process:

  1. User allows access to his Jira acc.
  2. Jira provides an auth code which can be used to fetch an access token and a refresh token.
  3. This access token can be used to call APIs from Jira.

My question is: Since I want to keep the user's state logged in indefinitely, where can I store the tokens and what would be the flow?

My current solution is to store the refresh token in the DB as a key-value pair where the key is the user info (user id) & the value is the refresh token. Then I can generate a new access token if it is either null or expired (the access token will be null when the user logs out of my application and logs back in). Also, I'd have to update the access token in localStorage every time it expires, or the first time when it is null; that can be achieved by sending the newly generated access token in the API response. Is this flow correct? I'd like to know the standard process.
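
One way to implement the flow described in the question, as an added example that is not part of the original post: the refresh token is kept server-side keyed by user id, a new access token is obtained when the cached one is missing or expired, and a replacement refresh token is stored whenever the authorization server returns one. `TokenStore`, `refresh_fn`, `ReauthRequired` and the use of `PermissionError` for a rejected refresh token are assumptions, and the dicts stand in for a database.

```python
import time

class ReauthRequired(Exception):
    """The stored refresh token is missing or was rejected; restart the consent flow."""

class TokenStore:
    """Server-side token handling keyed by user id (all names here are hypothetical).

    The dicts stand in for a database table; the refresh token never leaves the server.
    """
    SKEW = 30  # seconds: refresh slightly before the stated expiry

    def __init__(self, refresh_fn, clock=time.time):
        self._refresh_fn = refresh_fn   # assumed callable: refresh_token -> token response dict
        self._clock = clock
        self._refresh = {}              # user_id -> refresh token (persistent in a real app)
        self._access = {}               # user_id -> (access token, expiry timestamp)

    def save_grant(self, user_id, response):
        """Store the response from the auth-code exchange or from a refresh."""
        if "refresh_token" in response:  # rotation: the new refresh token replaces the old one
            self._refresh[user_id] = response["refresh_token"]
        expiry = self._clock() + response["expires_in"]
        self._access[user_id] = (response["access_token"], expiry)

    def logout(self, user_id):
        """App logout drops only the cached access token; the refresh token stays."""
        self._access.pop(user_id, None)

    def get_access_token(self, user_id):
        token, expiry = self._access.get(user_id, (None, 0))
        if token and self._clock() < expiry - self.SKEW:
            return token                 # still valid, no call to the token endpoint
        refresh_token = self._refresh.get(user_id)
        if refresh_token is None:
            raise ReauthRequired(user_id)
        try:
            response = self._refresh_fn(refresh_token)
        except PermissionError:          # assumed signal for a rejected or revoked refresh token
            self._refresh.pop(user_id, None)
            self._access.pop(user_id, None)
            raise ReauthRequired(user_id)
        self.save_grant(user_id, response)
        return self._access[user_id][0]
```

In a real application `refresh_fn` would POST the refresh token to the provider's token endpoint with the client credentials, and the refresh-token column would be encrypted at rest.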

0 answers
