
I am new to token based authentication and doing the following:

  1. Authenticate the user by email and password,
  2. get a token back from the backend,
  3. store the token in local storage,
  4. check to see if a token is present. If yes, then the user is logged in.

What I want to achieve is that if the user changes his password, the client should prompt for a fresh login. How can this be done?

Roope Hakulinen
krv

1 Answer


This depends on whether you are using refresh tokens or not, as user Gopinath Shiva describes in his answer to a question about a somewhat similar domain.

If you use Refresh Tokens, then

When the user changes his password, change the user's refresh token. Hence the remaining sessions will get logged out soon.

If you don't, then

When the user changes his password, note the password change time in the user DB, so that when the password change time is later than the token creation time, the token is not valid. Hence the remaining sessions will get logged out soon.

Roope Hakulinen