Refreshing a JWT
Tracyosborn (Talk | contribs) m (Updated code examples to have example first and details after) |
|||
| Line 6: | Line 6: | ||
file. They are... | file. They are... | ||
| − | + | * DF_JWT_TTL | |
| − | + | ** ''Expiration TTL. This the time (in minutes) the token can be active. After this time token expires.'' | |
| − | + | * DF_JWT_REFRESH_TTL | |
| − | + | ** ''Refresh TTL. This the time (in minutes) in which you can refresh the token as times as you want since it's creation.'' | |
For example, let's say your expiration TTL (DF_JWT_TTL) is 60 (1 hour) and your refresh TTL (DF_JWT_REFRESH_TTL) is 360 (6 hours). | For example, let's say your expiration TTL (DF_JWT_TTL) is 60 (1 hour) and your refresh TTL (DF_JWT_REFRESH_TTL) is 360 (6 hours). | ||
| Line 50: | Line 50: | ||
=== Example - Refreshing JWT for an admin user === | === Example - Refreshing JWT for an admin user === | ||
| − | + | Request URL: | |
| − | + | ||
<pre>PUT https://foo.com/api/v2/system/admin/session?session_token=abc.123.efg</pre> | <pre>PUT https://foo.com/api/v2/system/admin/session?session_token=abc.123.efg</pre> | ||
| + | * Session Token: abc.123.efg | ||
| + | |||
-- OR -- | -- OR -- | ||
| − | |||
| − | |||
Request header | Request header | ||
<pre> | <pre> | ||
| Line 64: | Line 63: | ||
... | ... | ||
</pre> | </pre> | ||
| − | * Request URL: | + | * Session Token: abc.123.efg |
| + | |||
| + | |||
| + | Request URL: | ||
<pre>PUT https://foo.com/api/v2/system/admin/session</pre> | <pre>PUT https://foo.com/api/v2/system/admin/session</pre> | ||
=== Example - Refreshing JWT for a non-admin user === | === Example - Refreshing JWT for a non-admin user === | ||
| − | + | Request URL: | |
| − | + | ||
<pre>PUT https://foo.com/api/v2/user/session?session_token=abc.123.efg</pre> | <pre>PUT https://foo.com/api/v2/user/session?session_token=abc.123.efg</pre> | ||
| + | |||
| + | * Session Token: abc.123.efg | ||
| + | |||
-- OR -- | -- OR -- | ||
| − | |||
| − | |||
Request header | Request header | ||
<pre> | <pre> | ||
| Line 83: | Line 85: | ||
... | ... | ||
</pre> | </pre> | ||
| − | * Request URL: | + | |
| + | * Session Token: abc.123.efg | ||
| + | |||
| + | |||
| + | Request URL: | ||
<pre>PUT https://foo.com/api/v2/user/session</pre> | <pre>PUT https://foo.com/api/v2/user/session</pre> | ||
Revision as of 22:40, 5 May 2016
Contents
Tutorial
DreamFactory 2.0 uses Json Web Token (JWT) to maintain user session on the server side in a stateless manner. One of the features of JWT is the ability to refresh it without re-authenticating as long as the JWT (token) is within the allowed refresh time-frame since it was created. There are two time-to-live (TTL) values that you can config for JWT in the .env file. They are...
- DF_JWT_TTL
- Expiration TTL. This the time (in minutes) the token can be active. After this time token expires.
- DF_JWT_REFRESH_TTL
- Refresh TTL. This the time (in minutes) in which you can refresh the token as times as you want since it's creation.
For example, let's say your expiration TTL (DF_JWT_TTL) is 60 (1 hour) and your refresh TTL (DF_JWT_REFRESH_TTL) is 360 (6 hours). Your user authenticates at 9:00 AM and receives a JWT. Now you have till 3:00 PM to be able to refresh this JWT as many times as you need to. If you do to refresh the JWT it will expire at 10:00 AM but you will still have another 5 hours to refresh it. Anytime the token is refreshed it will be active for another hour before it expires again.
API Endpoints
For admin users
PUT https://{url}/api/v2/system/admin/session?session_token={current_jwt}
-- OR --
PUT https://{url}/api/v2/system/admin/session
Request header
...
X-DreamFactory-Session-Token: {JWT}
...
Fon non-admin users
PUT https://{url}/api/v2/user/session?session_token={current_jwt}
-- OR --
PUT https://{url}/api/v2/user/session
Request header
...
X-DreamFactory-Session-Token: {JWT}
...
Example - Refreshing JWT for an admin user
Request URL:
PUT https://foo.com/api/v2/system/admin/session?session_token=abc.123.efg
- Session Token: abc.123.efg
-- OR --
Request header
... X-DreamFactory-Session-Token: abc.123.efg ...
- Session Token: abc.123.efg
Request URL:
PUT https://foo.com/api/v2/system/admin/session
Example - Refreshing JWT for a non-admin user
Request URL:
PUT https://foo.com/api/v2/user/session?session_token=abc.123.efg
- Session Token: abc.123.efg
-- OR --
Request header
... X-DreamFactory-Session-Token: abc.123.efg ...
- Session Token: abc.123.efg
Request URL:
PUT https://foo.com/api/v2/user/session
