Refresh Token Jsonwebtoken

1

27

I am using jsonwebtoken in a Node.js API application for authenticating users. The flow that I have set up is as follows:

1) The user registers through the signup API and the access token is generated using the following:

var jwt = require('jsonwebtoken');
var token = jwt.sign(user, _conf.authentication.superSecret, {
    expiresIn: 1440 // I intend to keep it short.
});

2) The token expires in 24 hours, for example. This token is returned to the client mobile application to use as a header in all subsequent API requests.

I want to know how to work with refresh tokens for JWT. Currently I don't have a mechanism for refreshing the token. Hence, if the token expires in 24 hours, I want the client (mobile app) to be able to request a new access token. Thanks in advance.

Putrescible answered 16/6, 2016 at 12:53 Comment(1)
Have a look at my post here: #38767188. It explains a setup using refresh tokens. - Isolating
37

I had the same problem in a project.

1) I created the refresh token and returned it when the user signed in (with the jsonwebtoken). I saved the refresh token with the user.

2) When the client sends a request with the expired token, the server returns 401.

3) I implemented a new path to refresh the token. It receives the refresh token and the user as params and returns a new token (jsonwebtoken).

4) (optional) You can implement a mechanism for invalidating a refresh token, in case someone stole it.

I based my implementation on this post, which has really good snippets:

Refresh token in JWT (Node.js implementation)

Hope it helps

Concur answered 21/11, 2016 at 10:5 Comment(5)
Let me know if you need some help or anything - Concur
solidgeargroup.com/… this site can't be reached - Traditionalism
is there any github repo for this answer? - Kraken
@Kraken could you do it in that way? - Buccinator
The link is dead. It seems to have moved here. - Abridge
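
A sketch of steps 1, 3 and 4 of the answer above, added here as an example; it is not code from the answer or from the post it links to. The function names, the in-memory `Map`, the 30-day lifetime and the `mintAccess` callback (which stands in for the `jwt.sign` call) are assumptions.

```javascript
const nodeCrypto = require('crypto');

// Assumed in-memory store for the example; the answer saves the token with the user.
// Only a SHA-256 hash is kept, so a leaked store does not expose usable tokens.
const refreshStore = new Map(); // sha256(token) -> { userId, expiresAt }
const REFRESH_TTL_MS = 30 * 24 * 60 * 60 * 1000; // assumed 30-day lifetime

const hashToken = (t) =>
  nodeCrypto.createHash('sha256').update(String(t)).digest('hex');

// Step 1: issue an opaque random refresh token at sign-in.
function issueRefreshToken(userId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString('hex');
  refreshStore.set(hashToken(token), { userId, expiresAt: now + REFRESH_TTL_MS });
  return token;
}

// Step 3: the refresh path. Receives the user and the refresh token and
// returns a new access token; the refresh token is rotated, so each one
// works exactly once and a replayed copy is rejected.
// mintAccess is injected, e.g.
//   (id) => jwt.sign({ sub: id }, secret, { expiresIn: '15m' })
function refresh(userId, token, mintAccess, now = Date.now()) {
  const key = hashToken(token);
  const rec = refreshStore.get(key);
  if (!rec || rec.userId !== userId || rec.expiresAt <= now) {
    return null; // caller answers 401 and the client must sign in again
  }
  refreshStore.delete(key);
  return {
    accessToken: mintAccess(userId),
    refreshToken: issueRefreshToken(userId, now),
  };
}

// Step 4: invalidate every refresh token of a user, e.g. after suspected theft.
function revokeAll(userId) {
  let removed = 0;
  for (const [key, rec] of refreshStore) {
    if (rec.userId === userId) {
      refreshStore.delete(key);
      removed++;
    }
  }
  return removed;
}
```

The route handler for the refresh path would call `refresh(...)` and return 401 whenever it yields `null`.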
