This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

How to have a settings for auto renew token? #150

Open
newbieflutter opened this issue Jan 28, 2019 · 2 comments

newbieflutter commented Jan 28, 2019

Hi Mike,
I am trying to use your tool for JWT on the Slim framework. Currently here is what my JWT breakdown looks like.

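```php
// Runs inside a Slim route handler; $request, $response, $userID and $data
// are assumed to be set up earlier in the handler.
$now = new DateTime();
$future = new DateTime("+100 minutes");
$server = $request->getServerParams();
// Random token ID, Base62-encoded.
$jti = (new Base62)->encode(random_bytes(16));
$payload = [
    "iat" => $now->getTimestamp(),
    "exp" => $future->getTimestamp(),
    "jti" => $jti,
    "sub" => $server["PHP_AUTH_USER"]
];
// Hard-coded test value; a deployed HS256 secret should be long, random
// and loaded from configuration.
$secret = "test111";
$token = JWT::encode($payload, $secret, "HS256");
$data["token"] = $token;
$data["expires"] = $future->getTimestamp();
$data["userID"] = $userID;
$data["sID"] = 1;
return $response->withStatus(201)
    ->withHeader("Content-Type", "application/json")
    ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
```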

Everything works fine. Now how do I handle auto token refresh? For example, in my case after 100 minutes the token will be expired and then the user has to log in again. I have a few options: one is to have secure storage of the password and, when the token is expired, I log in again using the stored password, but I know this is dangerous. Another option is to generate a UUID and keep it in the database with a longer expiry, and every time the token expires I check the UUID and automatically generate a new token. So what is your best suggestion, or is there any setting for this?

Owner

tuupola commented Jan 29, 2019

This middleware does not provide any ways to generate, issue or store authentication tokens. It only parses and authenticates a token when passed via header or cookie.

That said, as you mentioned, refresh tokens are one way to handle this. I personally like to send a new token back to the client in the headers of every request. If the client is inactive so long that the token expires, then require a new login.

@newbieflutter
Author

Hi Mike,
Thank you for your reply. Can the middleware check if the token has expired, then extract the refresh token (which I keep as part of the original token), check if it is still valid, and then I will proceed to generate a new token? So based on your suggestion, every time any request is made to any API you send a new token, and that gets refreshed automatically, which I think is a good idea though.
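The per-request renewal discussed in this thread, sketched as an added example; it is not code from the middleware or from either participant. It signs HS256 by hand so it runs without Composer, where an application would use its JWT library. The function names, the `auth_time` claim and the `MAX_SESSION` cap (which stops renewal from extending a session indefinitely) are assumptions of this sketch.

```php
<?php
declare(strict_types=1);

const TTL = 6000;          // 100 minutes, as in the issue
const MAX_SESSION = 86400; // assumption: absolute cap on a renewed session

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(string $sub, int $now, int $authTime, string $key): string {
    $head = b64url(json_encode(["typ" => "JWT", "alg" => "HS256"]));
    $body = b64url(json_encode([
        "iat" => $now, "exp" => $now + TTL, "auth_time" => $authTime,
        "jti" => bin2hex(random_bytes(16)), "sub" => $sub,
    ]));
    return "$head.$body." . b64url(hash_hmac("sha256", "$head.$body", $key, true));
}

// Returns the claims, or null if the token is malformed, forged or expired.
function verifyToken(string $token, int $now, string $key): ?array {
    $parts = explode(".", $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac("sha256", "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) return null; // constant-time compare
    $header = json_decode(base64_decode(strtr($head, '-_', '+/')), true);
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($header) || ($header["alg"] ?? null) !== "HS256") return null;
    if (!is_array($claims) || ($claims["exp"] ?? 0) <= $now) return null;
    return $claims;
}

// Run on every authenticated request: returns the token to send back in the
// response header, or null when the client has to log in again.
function renewToken(string $token, int $now, string $key): ?string {
    $claims = verifyToken($token, $now, $key);
    if ($claims === null) return null;
    $auth = $claims["auth_time"] ?? null; // time of the original login
    if (!is_int($auth) || $now - $auth > MAX_SESSION) return null;
    return issueToken((string) $claims["sub"], $now, $auth, $key);
}

// Constructed demo values: a random key and a fixed login time.
$key = random_bytes(32);
$t0 = 1548633600;
$login = issueToken("demo-user", $t0, $t0, $key);
$renewed = renewToken($login, $t0 + 5000, $key);      // client active before exp
var_dump($renewed !== null);
var_dump(renewToken($login, $t0 + 6001, $key));       // client idle past exp
var_dump(renewToken($renewed, $t0 + 10999, $key) !== null); // renewed token in use
```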
