0

i'm currently developing a multiplayer turn base card game with Unity. The multiplayer architecture will be using websocket (NodeJS Socket.IO) and for the security wise, i'm using JWT with refresh token after access token expired.

Everytime when i emit a request to websocket, i will emit the request along with the access token. By right when the access token has expired, i should revoke a new access token with refresh token. My concern here is the refresh token handling. Should i emit request back to client for getting the refresh token and re-emit the refresh token back to websocket to renew the access token? To renew the access token, I will validate the refresh token through Database to make sure the token is valid. I am wondering the entire process is appropriate and causing any delay(lagging) since it is real-time multiplayer game.

Anyone here able to give some advice?

user5509129
  • 21
  • 4

1 Answers1

1

If you see a traditional HTTP API which is authenticated based on an access/refresh token, the application tracks the expiry time of the token on its own (this means JWT should have an exp timestamp). If the application detects the access token is about to be expired, it fetches as a new one from the server exchanging the refresh token.

Same flow holds valid here

  1. Check the expiry timestamp with current timestamp (minus some buffer time).
  2. If the access token is about to expire, get a new one from the server and proceed with the previous call.
abskmj
  • 760
  • 3
  • 6