Sagar Gopale Sagar Gopale - 4 months ago 53
Node.js Question

Refresh Token Jsonwebtoken

I am using jsonwebtoken in NodeJs API application for authenticating user in my API application. The flow that I have setup is as follows:

1) The user registers through signup API and the access token is generated using the following:

var jwt = require('jsonwebtoken');
var token = jwt.sign(user, _conf.authentication.superSecret, {
expiresIn: 1440 // I intend to keep it short.

2) The token expires in 24 hours for example. This token is returned to the client mobile application to use as header in all the subsequent API requests.

I want to know how do I work around with refresh token for jwt. Currently I don't have a mechanism for refreshing token. Hence if the token expires in 24 hours I want the client (mobile app) to be able to request a new access token.
Thanks in advance.


I had same problem in a project.

1) I created the refresh token and returned it when user signed in (with the jsonwebtoken). I saved the refresh token with the user.

2) When client send a request with the expired token, server returns 401.

3) I implemented a new path to refresh the token. It receives the refresh token and the user as param and returns a new token (jsonwebtoken).

4) (optional) You can implement a mechanism for invalidating a refresh token, in case someone stole it

I based my implementation in this post, really good snippets:

Refresh token in JWT (Node.js implementatio)

Hope it helps