I am trying to implement a rotating refresh token with an access token (JWT) in FastAPI. However, for now I just want to get a standard refresh token implementation working with no rotation occurring.
The FastAPI docs have an example of the implementation for the access token. I have implemented this and it works fine.
But, how do I pass the refresh token in a similar fashion as a dependency to routes? Should the refresh token be placed in the same token payload when logging in as:
{
    "access_token": ...,
    "refresh_token": ...,
    "token_type": "bearer"
}
Or should they rather be separate routes with different payloads?
Any guidance, whether they are links or code snippets, would be greatly appreciated.
In summary, how could I implement a refresh token that works with the implementation shown in the FastAPI docs linked earlier?
I want to use the python-jose package and not fastapi-jwt-auth (which is frequently suggested online). This is because fastapi-jwt-auth is no longer receiving support and smaller supported forks of the package are not mature yet.
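One way to combine the login payload from the question with a separate refresh route, as an added example that is not part of the original post. A standard-library HS256 helper stands in for python-jose so the block runs without dependencies; the `type` claim, the lifetimes, the secret and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; load from config in practice
ACCESS_TTL, REFRESH_TTL = 15 * 60, 7 * 24 * 3600  # assumed lifetimes, in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(claims: dict) -> str:
    """Sign claims as an HS256 JWT (stand-in for python-jose's jwt.encode)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def decode(token: str, expected_type: str, now=None) -> dict:
    """Verify signature, declared token type and expiry; raise ValueError otherwise."""
    try:
        head, body, sig = token.split(".")
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    if claims.get("type") != expected_type:  # a refresh token is never a valid access token
        raise ValueError("wrong token type")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def login_response(username: str, now=None) -> dict:
    """Body returned by the login route, in the shape shown in the question."""
    now = time.time() if now is None else now
    return {
        "access_token": encode({"sub": username, "type": "access", "exp": now + ACCESS_TTL}),
        "refresh_token": encode({"sub": username, "type": "refresh", "exp": now + REFRESH_TTL}),
        "token_type": "bearer",
    }

def refresh(refresh_token: str, now=None) -> dict:
    """Logic for a separate refresh route: accepts only refresh tokens."""
    now = time.time() if now is None else now
    claims = decode(refresh_token, "refresh", now)
    access = encode({"sub": claims["sub"], "type": "access", "exp": now + ACCESS_TTL})
    return {"access_token": access, "token_type": "bearer"}
```

In a FastAPI app, the protected-route dependency would call `decode(token, "access")` and the refresh route would call `refresh(...)`, each mapping `ValueError` to a 401 response.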