0

The expiration time for the token I am creating is one week

expiration_time = timedelta(weeks=1)
app.config['JWT_ACCESS_TOKEN_EXPIRES'] = expiration_time

How do I make the token last longer if the user use it before it expires? like e.g. if the user uses the token and sends a message, I would like to refresh the token's expiration time and make it a week again. Is there any way to do so?

nazeeroo bu
  • 177
  • 1
  • 9
  • 1
    The access token can't be changed. You can send a new access token directly or use a refresh token. Here is an explanation about refresh tokens: https://stackoverflow.com/questions/44976677/should-i-explicitly-send-the-refresh-token-to-get-a-new-access-token-jwt/44977875#44977875 A refresh token is valid for a longer time than the access token. – jps Feb 15 '18 at 20:49

1 Answers1

1

You cannot change the expiration_time of access token.The OAuth 2.0 spec recommends a combination of access tokens and refresh tokens for maximum security and flexibility.

Services using this method will issue access tokens that lasts anywhere from several hours to a couple of weeks. Along with the access token, the services also send a refresh token which can be used to fetch access token.

You can calculate the expiration date based on the expires_in value in the response and store both the access token and expiration date in memory and write a scheduler which runs in the background and fetches the access token before it expires in the background.

RSingh
  • 660
  • 5
  • 14