feat: add refresh token flow for long-lived sessions
- Add RefreshToken model with rotation - Add POST /auth/refresh endpoint - Add POST /auth/logout that revokes refresh token - Login returns JWT (8h) + refresh_token (30 days) - Refresh rotates token (old is revoked) - Fix Carbon\Carbon::now() calls instead of now() helper - Update API docs
This commit is contained in:
@@ -15,8 +15,9 @@ Authorization: Bearer <token>
|
||||
### Auth
|
||||
| Method | Path | Description |
|
||||
|--------|------|-------------|
|
||||
| POST | `/auth/login` | Login with email/password, returns JWT |
|
||||
| POST | `/auth/logout` | Logout (client-side token discard) |
|
||||
| POST | `/auth/login` | Login with email/password, returns JWT + refresh_token |
|
||||
| POST | `/auth/refresh` | Exchange refresh_token for new JWT + refresh_token |
|
||||
| POST | `/auth/logout` | Revoke refresh token (logout) |
|
||||
| GET | `/auth/me` | Current user info (requires auth) |
|
||||
|
||||
### Bootstrap
|
||||
|
||||
Reference in New Issue
Block a user