Reputation: 3714
I have a native phone app (in React Native) and an Express REST API with auth based on JWT. I have a 7-day expiration set.
Am I supposed to refresh the token (generate a new one and throw away the old one) every time the user 'cold' opens the app (for example after 2 days of inactivity)?
Or just use the old one and refresh it like 1 day before, or ask for the login combo again?
So my questions are: Refresh it? And if yes, when?
Upvotes: 0
Views: 237
Reputation: 331
You have to use a refresh token and an access token. It's very simple: every access token (your current JWT) has 7 or 3 days until expiration, and your refresh token has no expiration time. The client will send the access token after its expiration time and get a 401 Unauthorized error; your client then has to send a request to the refresh token route and get a new access token that has 7 days of expiration time. It's like the user logging in with another token instead of a username and password.
Access and Refresh tokens in NodeJS
Upvotes: 1
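The flow described in the answer above, sketched server-side as an added example (not code from the original posts or from any linked article). It uses only Node's built-in `crypto`; the names `login`, `refresh`, `revoke` and `refreshStore` and the secret are hypothetical, and it assumes the refresh token is an opaque random value kept server-side and rotated on use so that it can be revoked.

```javascript
// Added example: access/refresh token flow using only Node's built-in crypto.
const crypto = require('node:crypto');

const SECRET = 'demo-secret-constructed';  // constructed sample key, not a real secret
const ACCESS_TTL = 7 * 24 * 3600;          // 7 days, as in the question
const refreshStore = new Map();            // refresh token -> userId (hypothetical in-memory store)

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue an HS256 JWT; `now` is seconds since epoch so expiry can be simulated.
function issueAccessToken(userId, now) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub: userId, exp: now + ACCESS_TTL })}`;
  return `${body}.${sign(body)}`;
}

// Returns the payload, or null where the API would answer 401 Unauthorized.
function verifyAccessToken(token, now) {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(sign(`${h}.${p}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  return payload.exp > now ? payload : null;
}

// Login: hand out both tokens. The refresh token is opaque and stored server-side.
function login(userId, now) {
  const refreshToken = crypto.randomBytes(32).toString('base64url');
  refreshStore.set(refreshToken, userId);
  return { accessToken: issueAccessToken(userId, now), refreshToken };
}

// Refresh route: swap a known refresh token for a new pair. The old one is
// deleted (rotation), so a replayed or revoked token gets null (401).
function refresh(refreshToken, now) {
  const userId = refreshStore.get(refreshToken);
  if (!userId) return null;
  refreshStore.delete(refreshToken);
  return login(userId, now);
}

// Logout or suspected theft: revoke so the token can no longer mint access tokens.
const revoke = (refreshToken) => refreshStore.delete(refreshToken);
```

With this shape the app keeps using the stored access token on a cold open and calls the refresh route only after the API answers 401.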