Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expired Token auto refresh #115

Open
northkode opened this issue Apr 26, 2018 · 3 comments
Open

Expired Token auto refresh #115

northkode opened this issue Apr 26, 2018 · 3 comments
Labels
question

Comments

@northkode
Copy link

Is there a way to auto bump up the expire date of a token on decode?
@tuupola
Copy link
Owner

tuupola commented Dec 13, 2018

You could regenerate the token with every request and send it back to the client with response headers.

@sinuraya
Copy link

sinuraya commented Dec 24, 2018
edited

On user login send a refresh token with expiry date to the client.
When the JWT is expired, the client can request a new JWT using stored refresh token without making user to login again.

@BjornFridal
Copy link

BjornFridal commented Feb 12, 2019
edited

@tuupola Wouldn't regenerating the token on each request mean that you could potentially end up with a lot of valid tokens that are not in use and hasn't expired? Say that my token has a lifespan of 15 minutes and that I make 10 requests to the server in 3 minutes. Not unrealistic I would think. If I regenerate the token on each request, then I would end up with 10 unexpired tokens, 9 of which are no longer being used.

Of course the server doesn't store the tokens, and I only store the latest token on the client, so I guess the only real issue is if the tokens were intercepted somehow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tuupola @BjornFridal @sinuraya @northkode