Tosin Bee

“𝙃𝙚 𝙙𝙞𝙚𝙙 𝙨𝙤 𝙬𝙚 𝙘𝙤𝙪𝙡𝙙 𝙡𝙞𝙫𝙚.”

Seeing your siblings doing well is a top tier feeling.

Tech will humble you small 😅 One day you’re confident, next day you’re googling basics again. Normal normal. Growth is not a straight line. #hngtech #hnginternship #hngi14

Every single win in my career comes from my Faith in Jesus Christ Nothing I've gotten has been by my own effort, and I am forever grateful for that

@developerBolu It’s good to see all you guys comment…I was able to pick one or two good/ideal practice as backend dev

as a frontend engineer, that’s nothing i find more attractive than a backend engineer one-shoting implementations. let the endpoints work as expected.

Hello everyone pls make this dream come through. Thanks for the opportunity @germanlang25 🥹🙏🏽

@donye_goodness Congratulations

God has done it again✅ 500 Level MBBS Result = 3 out of 3 Distinctions Distinction (D) in Community Health & Primary Care Distinction (D) in Obs & Gynae Distinction (D) in Paediatrics 100L-500L Result = 5.00CGPA, 11 out of 11 Distinctions. Mbbs, Unilag.

Confidence in God will always produce proves

Client sends refresh token to the server Server checks Redis to see if the token exists and its valid Server confirms the token hasn’t been used or revoked in the database Old token is canceled so it can’t be used again

revocable, rotatable) This is how I went about the flow . User login with email and password The server generates the access and refresh token I save the refresh token in the database and redis for fast lookup. To get the access token and refresh token again after expiration

Refresh tokens are important. But the real question is: should they be stateless or stateful? After some learning this is what I conclude at though I appreciate correction from any one Access tokens - stateless (JWTs, short-lived, fast) Refresh tokens - stateful (stored,

revocable, rotatable) This is how I went about the flow . User login in email and password The server generates the access and refresh token I save the refresh token in the database and redis for fast lookup. To get the access token and refresh token again after expiration

@SumitM_X Soft delete

Users get deleted, but their blog posts must stay. How do you enforce this?

I pray this goes viral 🙏🏾 I sell cassava biscuits for a living It gets to the end user at N200 A carton contains 50 sachets I am looking for distributors all over Nigeria Pls WhatsApp 08084002862 If you want to buy and taste you can buy on our website comeagainfoods.com

I planned my week well Wrote down all I needed to do for the week but Nepa said no and took the light since Tuesday and brought it back today Having to go to charge and pay so I can work since I already told my boss at my place of work that the light in my area is 80 % okay ☹️

@1FineBreed Yeah…it’s also very much important that the secret rotates in every refresh Thank you…I’m trying to learn best practices.

@Vhic_mar Sending tokens in headers over https should be secure Unique secrets for tokens is like JTI invalidation strategy It works safely if the secret rotates on every refresh; a long-lived per-user secret defeats the point because a stolen refresh token can be reused indefinitely.

I’ve always sent my refresh token in the header even though I knew my approach isn’t fully secure but today I learnt a safer approach which is When a user logs in, I create a session key to be stored in the database and then I combined the refresh token secret and the session

Every user has their own secret so that stolen tokens can’t be reused

When a user logs in with a refresh token, the server first reads the token to find which user it belongs to then it looks up the db for the user session token to rebuild the secret used to sign the refresh token. If the token matches, the user is logged in; if not, it’s rejected.

The approach i use before which I feel is less secure is that Every user token is signed with the same secret key and if someone steals one refresh token,they might try to reuse it. The approach I just learnt is that Every user gets their own secret key generated dynamically

@docikenna I’m never said token isn’t safe in headers….refresh token which is actually used for token renewal can be more secured by using a per user Dynamic refresh Token secret…just tell me you don’t understand my concept and I will explain to you again what I meant

@Vhic_mar Since when did sending tokens in the header become unsafe?