When the token is generated by sending a HTTP request to web API & the user has started working on the application that generated token is used in a particular session of the application. If during any HTTP request from the application to web API if JWT token expires WEB API won't return data. How is this situation handled in the application without any misbehavior or without troubling the user how that request will be continued? And even if we generate a refresh token how to continue with the same HTTP request without troubling the user? (If we store the generated token in the database then we know the token is valid but expired)
Asked
Active
Viewed 694 times
0
-
Do you mean JWT automatic prolongation of expiration ? Does [this](https://stackoverflow.com/questions/26739167/jwt-json-web-token-automatic-prolongation-of-expiration) answer help? – Qing Guo Feb 22 '23 at 06:28
2 Answers
0
Try this :
- Write backend refresh token API and allow an authenticated user to refresh their JWT token
- In Frontend before requesting the API call decode the user's current JWT token and check whether it is expired or not. https://www.npmjs.com/package/jwt-decode
- If the token expired call the refresh token API before the actual request.
If you are using Angular or React library then there is a mechanism called HTTP_interceptor
Sivakumar
- 56
- 1
- 8
0
We also give a refresh token to the user along with the token, which has no claim and only has a username and a long expiration date. Every time the token expires, the security part of the applicationlooks at the refresh token and issues a new token for that username. You can manage the issuance of program tokens by setting the refresh token lifetime
Soheil Babadi
- 562
- 2
- 4
- 15