发表新帖
发表新帖

Refresh Token Jsonwebtoken

后端 未结
关注
1 769
失恋的感觉
失恋的感觉 2021-02-01 04:25

I am using jsonwebtoken in NodeJs API application for authenticating user in my API application. The flow that I have setup is as follows:

1) The user registers through

1条回答
  • 鱼传尺愫
    鱼传尺愫 (楼主)
    2021-02-01 05:16

    I had same problem in a project.

    1) I created the refresh token and returned it when user signed in (with the jsonwebtoken). I saved the refresh token with the user.

    2) When client send a request with the expired token, server returns 401.

    3) I implemented a new path to refresh the token. It receives the refresh token and the user as param and returns a new token (jsonwebtoken).

    4) (optional) You can implement a mechanism for invalidating a refresh token, in case someone stole it

    I based my implementation in this post, really good snippets:

    Refresh token in JWT (Node.js implementation)

    Hope it helps

    0 讨论(0)
 看不清?
提交回复
热议问题