Refreshing a JWT

From DreamFactory

Tutorial

DreamFactory 2.0 uses JSON Web Tokens (JWT) to maintain the user session on the server side in a stateless manner. One of the features of JWT is the ability to refresh it without re-authenticating, as long as the JWT (token) is still within the allowed refresh time-frame measured from when it was created. There are two time-to-live (TTL) values that you can configure for JWT in the .env file. They are...

   * DF_JWT_TTL
   Expiration TTL. This is the time (in minutes) the token can be active. After this time the token expires.
   * DF_JWT_REFRESH_TTL
   Refresh TTL. This is the time (in minutes) during which you can refresh the token as many times as you want, counted from its creation.

For example, let's say your expiration TTL (DF_JWT_TTL) is 60 (1 hour) and your refresh TTL (DF_JWT_REFRESH_TTL) is 360 (6 hours). Your user authenticates at 9:00 AM and receives a JWT. You now have until 3:00 PM to refresh this JWT as many times as you need to. If you do not refresh the JWT it will expire at 10:00 AM, but you will still have another 5 hours in which to refresh it. Any time the token is refreshed it will be active for another hour before it expires again.
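The two windows described above, modelled in a small added example (not DreamFactory's own code): the expiration window restarts at each refresh, while the refresh window is always counted from the original issue time, so a token that is past DF_JWT_REFRESH_TTL since creation cannot be refreshed no matter how recently it was last renewed. The helper also builds the refresh request using the X-DreamFactory-Session-Token header from the page rather than the session_token query parameter, which keeps the token out of URL-based access logs; the function names, the base URL and the timestamps are constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed to match the page's example .env settings (minutes).
DF_JWT_TTL = 60
DF_JWT_REFRESH_TTL = 360


def token_state(issued_at, now, last_refresh=None,
                ttl=DF_JWT_TTL, refresh_ttl=DF_JWT_REFRESH_TTL):
    """Return (is_active, can_refresh) for a token at time `now`.

    is_active:   the token has not yet hit its expiration TTL, measured
                 from the most recent refresh (or from issue if never refreshed).
    can_refresh: the token is still inside the refresh TTL, which is measured
                 from the ORIGINAL issue time and never moves on refresh.
    """
    active_since = last_refresh or issued_at
    is_active = now < active_since + timedelta(minutes=ttl)
    can_refresh = now < issued_at + timedelta(minutes=refresh_ttl)
    return is_active, can_refresh


def refresh_request(base_url, session_token, admin=False):
    """Describe the PUT that refreshes `session_token`.

    The JWT goes in the X-DreamFactory-Session-Token header instead of the
    ?session_token= query parameter so it is not written to web-server or
    proxy access logs along with the request line.
    """
    path = "/api/v2/system/admin/session" if admin else "/api/v2/user/session"
    return {
        "method": "PUT",
        "url": base_url.rstrip("/") + path,
        "headers": {"X-DreamFactory-Session-Token": session_token},
    }


if __name__ == "__main__":
    issued = datetime(2016, 1, 1, 9, 0)          # user logs in at 9:00 AM
    # 10:30 AM, never refreshed: expired but still refreshable until 3:00 PM
    print(token_state(issued, datetime(2016, 1, 1, 10, 30)))
    # 3:30 PM, refreshed at 2:55 PM: still active, but can no longer be refreshed
    print(token_state(issued, datetime(2016, 1, 1, 15, 30),
                      last_refresh=datetime(2016, 1, 1, 14, 55)))
    print(refresh_request("https://foo.com", "abc.123.efg", admin=True))
```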

API Endpoints

For admin users

PUT https://{url}/api/v2/system/admin/session?session_token={current_jwt}

-- OR --

PUT https://{url}/api/v2/system/admin/session

Request header

...
X-DreamFactory-Session-Token: {JWT}
...

For non-admin users

PUT https://{url}/api/v2/user/session?session_token={current_jwt}

-- OR --

PUT https://{url}/api/v2/user/session

Request header

...
X-DreamFactory-Session-Token: {JWT}
...

Example - Refreshing JWT for an admin user

  • Session Token: abc.123.efg
  • Request URL:
PUT https://foo.com/api/v2/system/admin/session?session_token=abc.123.efg

-- OR --

  • Session Token: abc.123.efg
  • Request header:
...
X-DreamFactory-Session-Token: abc.123.efg
...
  • Request URL:
PUT https://foo.com/api/v2/system/admin/session

Example - Refreshing JWT for a non-admin user

  • Session Token: abc.123.efg
  • Request URL:
PUT https://foo.com/api/v2/user/session?session_token=abc.123.efg

-- OR --

  • Session Token: abc.123.efg
  • Request header:
...
X-DreamFactory-Session-Token: abc.123.efg
...
  • Request URL:
PUT https://foo.com/api/v2/user/session