Refreshing a JWT
Revision as of 18:19, 15 October 2015
### Tutorial

DreamFactory 2.0 uses JSON Web Tokens (JWT) to maintain the user session on the server side in a stateless manner. One feature of JWT is the ability to refresh it without re-authenticating, as long as the token is still within the allowed refresh time-frame since it was created. There are two time-to-live (TTL) values that you can configure for JWT in the .env file:

* DF_JWT_TTL -> Expiration TTL. This is the time (in minutes) the token is active. After this time the token expires.
* DF_JWT_REFRESH_TTL -> Refresh TTL. This is the time (in minutes) since the token's creation during which you can refresh it as many times as you want.

For example, say your expiration TTL (DF_JWT_TTL) is 60 (1 hour) and your refresh TTL (DF_JWT_REFRESH_TTL) is 360 (6 hours). Your user authenticates at 9:00 AM and receives a JWT. You now have until 3:00 PM to refresh this JWT as many times as you need to. If you do not refresh the JWT it will expire at 10:00 AM, but you will still have another 5 hours in which to refresh it. Any time the token is refreshed it is active for another hour before it expires again.
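The two-TTL rule above, replayed on the 9:00 AM timeline, as an added example that is not DreamFactory's code. It assumes the original issue time travels in an `iat`-style claim that is carried unchanged across refreshes (the page does not say which claims DreamFactory uses); the point it makes is that the refresh window must be anchored on that original time, not on the latest expiration.

```python
from datetime import datetime, timedelta

# TTL values from the tutorial's example, in minutes as in the .env file.
DF_JWT_TTL = 60            # a token stays active this long after (re)issue
DF_JWT_REFRESH_TTL = 360   # refreshes allowed this long after ORIGINAL issue


def issue(now, ttl=DF_JWT_TTL):
    """Claims for a token handed out right after authentication.
    Assumption (not from the page): original issue time is kept in 'iat'."""
    return {"iat": now, "exp": now + timedelta(minutes=ttl)}


def is_active(claims, now):
    """A token may be used for API calls only before its expiration time."""
    return now < claims["exp"]


def can_refresh(claims, now, refresh_ttl=DF_JWT_REFRESH_TTL):
    """The refresh window is anchored on the original 'iat', never on the
    latest 'exp'; anchoring on 'exp' would let a chain of refreshes extend
    a session indefinitely."""
    return now < claims["iat"] + timedelta(minutes=refresh_ttl)


def refresh(claims, now, ttl=DF_JWT_TTL, refresh_ttl=DF_JWT_REFRESH_TTL):
    """Issue a new token with a fresh 'exp' but the ORIGINAL 'iat' kept."""
    if not can_refresh(claims, now, refresh_ttl):
        raise PermissionError("refresh window closed; user must re-authenticate")
    return {"iat": claims["iat"], "exp": now + timedelta(minutes=ttl)}


def walk_timeline():
    """Replay the tutorial's scenario (constructed date) and report results."""
    def t(h, m=0):
        return datetime(2015, 10, 15, h, m)

    token = issue(t(9))                                   # authenticated 9:00 AM
    out = {"active_at_0930": is_active(token, t(9, 30)),
           "active_at_1000": is_active(token, t(10)),     # expired at 10:00...
           "refreshable_at_1000": can_refresh(token, t(10))}  # ...but refreshable
    token = refresh(token, t(10, 30))                     # refreshed at 10:30
    out["exp_after_refresh"] = token["exp"].strftime("%H:%M")  # active till 11:30
    out["refreshable_at_1459"] = can_refresh(token, t(14, 59))
    out["refreshable_at_1500"] = can_refresh(token, t(15))  # 3:00 PM: window shut
    return out


if __name__ == "__main__":
    for key, value in walk_timeline().items():
        print(f"{key}: {value}")
```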
### API Endpoints

#### For admin users

<pre>PUT https://{url}/api/v2/system/admin/session?session_token={current_jwt}</pre>

-- OR --

<pre>PUT https://{url}/api/v2/system/admin/session</pre>

Request header
<pre>
...
X-DreamFactory-Session-Token: {JWT}
...
</pre>

#### For non-admin users

<pre>PUT https://{url}/api/v2/user/session?session_token={current_jwt}</pre>

-- OR --

<pre>PUT https://{url}/api/v2/user/session</pre>

Request header
<pre>
...
X-DreamFactory-Session-Token: {JWT}
...
</pre>
### Example - Refreshing JWT for an admin user

* Session Token: abc.123.efg
* Request URL:
<pre>PUT https://foo.com/api/v2/system/admin/session?session_token=abc.123.efg</pre>

-- OR --

* Session Token: abc.123.efg
* Request header:
<pre>
...
X-DreamFactory-Session-Token: abc.123.efg
...
</pre>
* Request URL:
<pre>PUT https://foo.com/api/v2/system/admin/session</pre>

### Example - Refreshing JWT for a non-admin user

* Session Token: abc.123.efg
* Request URL:
<pre>PUT https://foo.com/api/v2/user/session?session_token=abc.123.efg</pre>

-- OR --

* Session Token: abc.123.efg
* Request header:
<pre>
...
X-DreamFactory-Session-Token: abc.123.efg
...
</pre>
* Request URL:
<pre>PUT https://foo.com/api/v2/user/session</pre>