Reputation: 767
I am fairly new to implementing JWT. I had a few questions while implementing JWT. I am using axios to make requests. When the user logs in or registers, I get an accessToken, which expires in a few days. I don't have a refreshToken because I think the backend is built on Django REST framework.
Now if I get a status code of 401 in a request, I try to check if the token has expired and if yes, then refresh the accessToken, but at times even the refresh token API returns 400, suggesting that this token is also expired, at which point I need the user to log out.
I think this is a bad user experience. Why is it that we cannot refresh the token using the old token? Is there a way to keep it from expiring? Can anyone point me to an example which solves the following problem with a correct implementation of axios interceptors?
Upvotes: 0
Views: 4672
Reputation: 2677
Since you are using Django REST framework, consider using Djoser with JWT tokens; Djoser then sends you access and refresh tokens from the backend. Once the backend preparation is over, follow this simple article to refresh and access tokens automatically from React Native. Hope it helps you.
Upvotes: 2
Reputation: 11338
You can create a token which will never expire, but that's a bad idea for security reasons. If the token is stolen then someone can always access the user's data. You can set the expiration date in the exp claim. Read more here: https://gist.github.com/soulmachine/b368ce7292ddd7f91c15accccc02b8df
Upvotes: -1
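The flow described in the question (401, refresh, log out when the refresh itself is rejected) together with the exp check from the last answer, as an added example that is not code from any of the posters. The names attachRefresh, refreshFn, onLogout and _retried are hypothetical, and the Bearer scheme is an assumption about the backend.

```javascript
// Added example. attachRefresh, refreshFn, onLogout and _retried are
// hypothetical names; only the axios interceptor API itself is real.

// Read the `exp` claim (seconds since epoch) from a JWT payload without
// verifying it. Returns null for anything that does not parse.
function jwtExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    // Node's "base64" decoder also accepts the URL-safe alphabet JWTs use.
    const payload = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
    return typeof payload.exp === "number" ? payload.exp : null;
  } catch {
    return null;
  }
}

// Treat unreadable tokens as expired; skewSec refreshes slightly early.
function isExpired(token, nowSec = Date.now() / 1000, skewSec = 30) {
  const exp = jwtExpiry(token);
  return exp === null || exp - skewSec <= nowSec;
}

// refreshFn() must resolve to a new access token and must use a client
// WITHOUT this interceptor, or a failing refresh would wait on itself.
function attachRefresh(client, { refreshFn, onLogout }) {
  let inFlight = null; // concurrent 401s share one refresh call
  client.interceptors.response.use(
    (response) => response,
    async (error) => {
      const cfg = error.config;
      const status = error.response ? error.response.status : null;
      if (status !== 401 || !cfg || cfg._retried) throw error;
      cfg._retried = true; // retry each request at most once
      let token;
      try {
        inFlight = inFlight || refreshFn().finally(() => { inFlight = null; });
        token = await inFlight;
      } catch (refreshError) {
        onLogout(); // refresh rejected (e.g. the 400 above): session is over
        throw refreshError;
      }
      cfg.headers = cfg.headers || {};
      cfg.headers.Authorization = `Bearer ${token}`; // scheme is an assumption
      return client(cfg); // replay the original request
    }
  );
}
```

Calling attachRefresh(axiosInstance, { refreshFn, onLogout }) once at startup is enough; isExpired can be used before a request to refresh ahead of the 401 instead of after it.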