Setting up user session tokens so that the session may be refreshed indefinitely without providing credentials again. This is similar to the Facebook model, where a device remains logged into an account forever, unless explicitly logged out.
You may configure user sessions to never expire. This means that a session may be refreshed forever without providing the user's credentials again. The initial
session_token will be valid until the token TTL (time-to-live) expires, after which a new
session_token value may be obtained by simply refreshing the original session. This may be repeated for the same session indefinitely, or until an explicit logout (session deletion).
To set up forever sessions, we will configure
DF_JWT_TTL in the
.env file. The
.env file for a DreamFactory instance is located at the installation's root directory. Note that
DF_JWT_REFRESH_TTL will be ignored once
DF_ALLOW_FOREVER_SESSIONS is set to true.
- Example: using the admin app GUI
1. Create a role with the desired access.
- Navigate to 'Roles' > 'Create', enter 'Name' and 'Description' values, and check the box labeled 'Active'.
- Example: calling the API directly
The below API calls will be made from cURL for the sake of raw simplicity.
1. Instantiate an admin session.
To test from the REST API client or app of your choice, simply make an unauthenticated API call to the resource(s) you've made available using the API key you've created.
- Using cURL
To list the contents of the
images folder from cURL:
- Using a REST client
From a REST client such as the POSTman extension for Google Chrome, to list the contents of the