Refreshing a JWT

DreamFactory uses JSON Web Tokens (JWT) to maintain user session on the server side in a stateless manner. One of the features of JWT is the ability to refresh the token without re-authenticating as long as the JWT (token) is within the allowed refresh time-frame since it was created. There are two time-to-live (TTL) values that you can configure for JWT in the .env file.

DF_JWT_TTL
- Expiration TTL. This the time (in minutes) until the token expires. After it expires it can be refreshed until DF_JWT_REFRESH_TTL.
DF_JWT_REFRESH_TTL
- Refresh TTL. This the time (in minutes) in which you can refresh the token. Between DF_JWT_TTL and DF_JWT_REFRESH_TTL the token can be refreshed as many times as you want without reauthenticating. After DF_JWT_REFRESH_TTL you must log in again.

For example, let's say your expiration TTL (DF_JWT_TTL) is 60 (1 hour) and your refresh TTL (DF_JWT_REFRESH_TTL) is 360 (6 hours). Your user authenticates at 09:00 and receives a JWT. This token is valid until 10:00. Between 10:00 and 15:00 it can be refreshed as many times as you like. When the token is refreshed the timers are reset. For example if you refresh at 13:00 then the token is valid until 14:00, and can be refreshed until 19:00.

Refreshing a JWT

Contents

API Endpoints

For admin users

Fon non-admin users

Example - Refreshing JWT for an admin user

Example - Refreshing JWT for a non-admin user

Navigation menu

Personal tools

Views

More

Search

Faux heading

Prologue

Installation, Configuration, and Updates

Features

Tutorials

Remote and Scripted Service Examples

Videos

Architecture