-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: how would you renew a token? #316
Comments
@papaiatis some questions to understand context:
|
Thanks! |
Who checks that? frontend or backend? Frontend: You may not need that, just keep in your js code a "timer", it gets restarted/checked on every action (timer > Backend: You would need to renew the token and send it back on each server action (cookie? header?) renew the token: maybe with something like: #172 |
Actually both. In frontend I'm using this module: https://github.com/auth0/angular2-jwt which checks the token on each request. In backend, I check it manually. Thanks for the tip, I'll take a look at the mentioned issue ASAP. |
Sorry for the late reply. So I ended up creating a "renew token" API endpoint which I call when my angular 2 application starts up and then every 5 minutes. The server then returns me back a renewed token which I store in local storage. |
Thanks for letting us know your final solution! |
@papaiatis From security perspective, the token should be pushed from the server site instead of client-side to I'm not sure how can we do it as it will conflict with the stateless property of JWT. |
Hi all,
I'm just started with JWT and it looks very promising!
I have backend (npm) and frontend (angular2) too. When the user logs in I create a JWT and send it to frontend. I use your angular2-jwt module to store the token in localStorage.
So user uses the webpage without any issues and then suddenly he gets an error telling him his token is expired. This is valid, because, lets say, he logged in 2 hours ago and the JWT is configured to expire after 2 hours. But in the meantime the user used the website so the JWT should have been continuously updated with an expiry time of "last activity + 2 hours".
Am I right? If so, how would you do that?
Thank you!
The text was updated successfully, but these errors were encountered: