Stateless Session Management
Authopia uses stateless sessions. That means that sessions are not stored on the server side. It uses JWT tokens which are cryptographically signed by Authopia.
For you to verify a token's validity you need to use our provided public key and check the signature which is inside the token. If it’s valid - data in JWT can be trusted.
JWTs have great security and also it can be validated on the client side only, meaning that you’ll not have major performance decreases for this particular action.
After Authopia authenticates the user it returns ID token via widget
onSuccess
callback, which is valid for 30 minutes. Also access token and Refresh token are returned as secure HTTP only cookies for further communication with Authopia
Last updated