Question: When to invoke refreshToken() endpoint from the client? #463

Open
cloudcompute opened this issue Mar 1, 2022 · 2 comments

@cloudcompute

I have a question relating to JWT, could you please answer?

There is a mutation named refreshToken(), which is exposed as an endpoint. In the documentation, there is no mention of when to make a call to this endpoint. Over there, it is just stated to send the token in the Authorization header.

Kindly make things clear by writing the generic code flow on the client side. Is there any need to use a library like jwt-decode there?

@Michalphs

Hi,
I think you should use this endpoint with the refresh token as an argument when your access token has expired. As far as I know, refresh tokens are tokens with a longer lifetime.

@cloudcompute
Author

Hi

Yes, refresh tokens have a much longer lifetime than access tokens.

Well, your answer is correct that we should use this endpoint when an access token has expired. In order to do so, we need a library like jwt-decode to extract the expiry time from the access token and check it against the current time.

But this is not mentioned in the nestjs-prisma-starter's Readme file. All it says is that you just need to send your access token in the header as follows: Authorization: `Bearer ${token}`

In addition to jwt-decode, I think we need to implement a few other things, for example, skip including the Authorization header for certain endpoints, like login, register, and probably invoking the refreshToken itself.

@marcjulian Could you please tell us what exactly we need to do at the client end?
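The client-side flow discussed in this thread, as an added example that is not part of any comment above and is not code from nestjs-prisma-starter: read `exp` from the access token, refresh shortly before it lapses, and send no Authorization header for login, register and refreshToken. `createAuthClient`, `headersFor` and `refreshFn` (a caller-supplied wrapper around the refreshToken mutation that resolves to `{ accessToken, refreshToken }`) are hypothetical names and assumptions.

```javascript
// Added example; every name here is hypothetical, not the project's API.
// Operations from the thread that must not carry an Authorization header.
const PUBLIC_OPERATIONS = new Set(['login', 'register', 'refreshToken']);
const SKEW_SECONDS = 30; // refresh early to absorb clock drift and latency

// Read the `exp` claim (seconds since epoch) from a JWT payload.
// This only decodes; it does NOT verify the signature. The server stays
// the authority on validity, the client uses `exp` purely as a timing hint.
function getExpiry(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64.padEnd(Math.ceil(b64.length / 4) * 4, '=');
    const payload = JSON.parse(atob(padded));
    return typeof payload.exp === 'number' ? payload.exp : null;
  } catch {
    return null; // malformed token: treat as having no usable expiry
  }
}

// A token with no readable `exp` is treated as expired (fail closed).
function isExpired(jwt, nowSeconds = Math.floor(Date.now() / 1000)) {
  const exp = getExpiry(jwt);
  return exp === null || exp - SKEW_SECONDS <= nowSeconds;
}

// tokens: { accessToken, refreshToken }
// refreshFn: (refreshToken) => Promise<{ accessToken, refreshToken }>
function createAuthClient(tokens, refreshFn, now = () => Math.floor(Date.now() / 1000)) {
  let inFlight = null; // concurrent requests share a single refresh call
  return {
    async headersFor(operationName) {
      if (PUBLIC_OPERATIONS.has(operationName)) return {};
      if (isExpired(tokens.accessToken, now())) {
        inFlight = inFlight ||
          refreshFn(tokens.refreshToken).finally(() => { inFlight = null; });
        tokens = await inFlight; // a rejection here means: log in again
      }
      return { Authorization: `Bearer ${tokens.accessToken}` };
    },
  };
}
```

Because only the payload is decoded, a small helper like `getExpiry` can stand in for jwt-decode; if `refreshFn` rejects, the refresh token is no longer accepted and the user has to log in again.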
