Refreshing a JWT

From DreamFactory
      1. Tutorial

DreamFactory 2.0 uses JSON Web Tokens (JWT) to maintain user sessions in a stateless manner on the server side. One feature of JWT is that a token can be refreshed without re-authenticating, as long as it is still within the allowed refresh time frame since it was created. There are two time-to-live (TTL) values that you can configure for JWT in the .env file:

  • DF_JWT_TTL -> Expiration TTL. This is the time (in minutes) the token can be active. After this time the token expires.
  • DF_JWT_REFRESH_TTL -> Refresh TTL. This is the time (in minutes), counted from the token's creation, during which you can refresh the token as many times as you want.

For example, let's say your expiration TTL (DF_JWT_TTL) is 60 (1 hour) and your refresh TTL (DF_JWT_REFRESH_TTL) is 360 (6 hours). Your user authenticates at 9:00 AM and receives a JWT. You now have until 3:00 PM to refresh this JWT as many times as you need to. If you do not refresh the JWT, it will expire at 10:00 AM, but you will still have another 5 hours to refresh it. Any time the token is refreshed, it will be active for another hour before it expires again.

      1. API Endpoints
        1. For admin users
PUT https://{url}/api/v2/system/admin/session?session_token={current_jwt}

-- OR --

PUT https://{url}/api/v2/system/admin/session

Request header

...
X-DreamFactory-Session-Token: {JWT}
...
        1. For non-admin users
PUT https://{url}/api/v2/user/session?session_token={current_jwt}

-- OR --

PUT https://{url}/api/v2/user/session

Request header

...
X-DreamFactory-Session-Token: {JWT}
...
      1. Example - Refreshing JWT for an admin user
  • Session Token: abc.123.efg
  • Request URL:
PUT https://foo.com/api/v2/system/admin/session?session_token=abc.123.efg

-- OR --

  • Session Token: abc.123.efg
  • Request header:

...
X-DreamFactory-Session-Token: abc.123.efg
...
  • Request URL:
PUT https://foo.com/api/v2/system/admin/session
      1. Example - Refreshing JWT for a non-admin user
  • Session Token: abc.123.efg
  • Request URL:
PUT https://foo.com/api/v2/user/session?session_token=abc.123.efg

-- OR --

  • Session Token: abc.123.efg
  • Request header:

...
X-DreamFactory-Session-Token: abc.123.efg
...
  • Request URL:
PUT https://foo.com/api/v2/user/session
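
The 9:00 AM TTL example and the header form of the refresh call, combined in an added Python example (not DreamFactory's own code): it decides from the two TTL values whether a client should use, refresh or replace its token, and builds the PUT request with the token in the X-DreamFactory-Session-Token header so the JWT stays out of the URL, where query strings are commonly written to access logs. The function names, the 2024-01-01 date and the handling of the exact boundary minute are assumptions.

```python
from datetime import datetime, timedelta
import urllib.request

def token_windows(authenticated_at, last_issued_at, ttl_min, refresh_ttl_min):
    """Return (expires_at, refresh_deadline) as the tutorial describes them.

    ttl_min / refresh_ttl_min correspond to DF_JWT_TTL / DF_JWT_REFRESH_TTL.
    Assumption: the refresh window is anchored at the original authentication.
    """
    expires_at = last_issued_at + timedelta(minutes=ttl_min)
    refresh_deadline = authenticated_at + timedelta(minutes=refresh_ttl_min)
    return expires_at, refresh_deadline

def next_action(now, authenticated_at, last_issued_at,
                ttl_min=60, refresh_ttl_min=360):
    """Decide what a client should do with its current token at time `now`."""
    expires_at, refresh_deadline = token_windows(
        authenticated_at, last_issued_at, ttl_min, refresh_ttl_min)
    if now < expires_at:
        return "use"             # token is still active
    if now < refresh_deadline:
        return "refresh"         # expired, but inside the refresh window
    return "reauthenticate"      # refresh window closed: log in again

def build_refresh_request(base_url, jwt, admin=False):
    """Build (not send) the PUT refresh call with the token in the header."""
    path = "/api/v2/system/admin/session" if admin else "/api/v2/user/session"
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        method="PUT",
        headers={"X-DreamFactory-Session-Token": jwt},
    )

if __name__ == "__main__":
    # Constructed date; 9:00 AM login and 60/360 TTLs as in the tutorial.
    login = datetime(2024, 1, 1, 9, 0)
    for hh, mm in [(9, 30), (10, 0), (14, 59), (15, 0)]:
        now = datetime(2024, 1, 1, hh, mm)
        print(now.time(), next_action(now, login, login))
    # Host and token are the tutorial's placeholders.
    req = build_refresh_request("https://foo.com", "abc.123.efg", admin=True)
    print(req.get_method(), req.full_url)
```

Passing the request to `urllib.request.urlopen` sends it; after a successful refresh, call `next_action` with the refresh time as `last_issued_at` and the original login time unchanged.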