Advance refresh token #48

@asad-devx

Currently, the refresh token feature is implemented in a simple stateless way. Here are some advanced features we have to discuss for further enhancement.

  • User entity can have an isActive flag so that we can sometimes block a user from generating a new auth token through a refresh token or logging in.
  • Currently the refresh token is stateless (not saved in the DB). We can add some module configuration to save the refreshToken in the DB.
  • For stateful, we can have a configuration value to decide whether to keep multiple refreshTokens alive for the same user at a time.
  • Optionally, we can save the device id to keep track of devices logged in.
  • For stateful refresh tokens, we have to write a logout API, with an optional parameter to log out from all devices.

```typescript
Authmodule.forRoot({
  stateLessTokenRefresh: true, // will not save, or check refresh token validity in db
  supportMultiDeviceLogin: true, // will store multiple refresh token for one user
})
```
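
A sketch of the stateful case proposed above (`stateLessTokenRefresh: false`), added here as an example and not part of the issue or the project's code. `RefreshTokenStore`, its methods and the in-memory object standing in for the DB table are hypothetical; rotating the token on refresh and storing only its SHA-256 hash go beyond what the issue lists and are assumptions.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical types and names; not the project's API.
interface User { id: string; isActive: boolean; }
interface Session { userId: string; deviceId: string; }

const sha256 = (t: string): string => createHash("sha256").update(t).digest("hex");

class RefreshTokenStore {
  // Keyed by token hash, so a leaked table holds no usable tokens.
  private sessions: Record<string, Session> = {};
  private multiDevice: boolean;

  constructor(supportMultiDeviceLogin: boolean) {
    this.multiDevice = supportMultiDeviceLogin;
  }

  issue(user: User, deviceId: string): string {
    if (!user.isActive) throw new Error("user is blocked");
    // Multi-device: replace only this device's token. Otherwise: replace all.
    this.logout(user.id, this.multiDevice ? deviceId : undefined);
    const token = randomBytes(32).toString("hex");
    this.sessions[sha256(token)] = { userId: user.id, deviceId };
    return token;
  }

  // Rotation (assumption): the presented token is consumed, a new one returned.
  refresh(user: User, token: string): string {
    if (!user.isActive) throw new Error("user is blocked");
    const s = this.sessions[sha256(token)];
    if (!s || s.userId !== user.id) throw new Error("unknown or revoked token");
    return this.issue(user, s.deviceId); // issue() deletes the old entry
  }

  // Omit deviceId to log out from all devices. Returns sessions revoked.
  logout(userId: string, deviceId?: string): number {
    let revoked = 0;
    for (const key of Object.keys(this.sessions)) {
      const s = this.sessions[key];
      if (s.userId === userId && (deviceId === undefined || s.deviceId === deviceId)) {
        delete this.sessions[key];
        revoked++;
      }
    }
    return revoked;
  }

  activeDevices(userId: string): string[] {
    return Object.keys(this.sessions).map((k) => this.sessions[k])
      .filter((s) => s.userId === userId).map((s) => s.deviceId).sort();
  }
}
```

Because the old token is deleted on every refresh, a replayed token fails the lookup, and an `isActive: false` user is rejected before any session state changes.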
