Question about token ttl expiration. #65
Comments
Hi, the token is only generated after the form login, there is no concept of "refreshing" or "renewing" in JWT. The TTL is part of the signature so you cannot update it without invalidating the token. Once the token has expired you must generate a new one, either by asking for the user credentials or programmatically. Regards.
@slashfan Thanks. I saw that I can create a new one with the create method from JWTManager. But how can I programmatically generate a new token when it has expired? Because if the token is expired I don't know if it is correct.... Thanks
Hi, the only way I can think of would be to bypass the expiration checking, but I wouldn't recommend it.
OK, then I'm thinking of generating a new token every x time, and always returning the token in every request. Is there some method to remove the old token? Thanks
It could work, you can change the ttl too, or configure your client application to ask for a new token periodically. For the token invalidation, look at this cookbook entry and the IP flag examples, you should be able to customize the token validation by using the For example, you could configure an application wide key or hash, add it to the token payload and change it when you want to invalidate every token in the application.
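Added example, not part of the original thread or the project's code: a standard-library sketch of why a token's expiry cannot be extended without re-signing, and of the application-wide key idea from the comment above. HS256, the `app_key` claim name, the function names and all secrets and timestamps are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict, secret: bytes, now: int, ttl: int, app_key: str) -> str:
    # exp counts from issuance; app_key is a non-secret marker, not the signing secret
    payload = dict(claims, iat=now, exp=now + ttl, app_key=app_key)
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64url(json.dumps(payload).encode())
    return signing_input + "." + b64url(_sign(secret, signing_input))

def verify(token: str, secret: bytes, now: int, current_app_key: str) -> str:
    try:
        head, body, sig = token.split(".")
        # Always verify as HS256; the header's alg field is never trusted
        if not hmac.compare_digest(_sign(secret, f"{head}.{body}"), b64url_decode(sig)):
            return "bad signature"
        payload = json.loads(b64url_decode(body))
    except (ValueError, TypeError):
        return "malformed"
    if now >= payload.get("exp", 0):
        return "expired"
    if payload.get("app_key") != current_app_key:
        return "revoked"  # the application-wide key was rotated after issuance
    return "ok"

def extend_exp(token: str, extra: int) -> str:
    """Rewrite exp without the secret, as a client trying to 'renew' would."""
    head, body, sig = token.split(".")
    payload = json.loads(b64url_decode(body))
    payload["exp"] += extra
    return ".".join([head, b64url(json.dumps(payload).encode()), sig])

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    tok = issue({"sub": "alice"}, secret, now=1000, ttl=3600, app_key="k1")
    print(verify(tok, secret, 1500, "k1"))                    # within TTL
    print(verify(tok, secret, 4600, "k1"))                    # TTL elapsed
    print(verify(extend_exp(tok, 3600), secret, 5000, "k1"))  # edited exp
    print(verify(tok, secret, 1500, "k2"))                    # app key rotated
```

Requests made with the token never touch `exp`; only a fresh call to `issue` by the server yields a later expiry.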
Hi, I'm having trouble with the token validity.
The CORS will not help you in this case. When a token expires you have to issue a new one.
Thank you for reactivity.
No that bundle does not extend the lifetime of the token. When the bundle is installed and configured, your client will receive 2 tokens:
At the moment, your client acts as below:
With the refresh token enabled, the step 3 is
@stphane What about first setting the
Thank you for details and advices.
Does the token TTL start counting after the last request, so that if a request is made the token TTL is renewed? Or does the TTL count from the last login?
Thanks
Regards