Is there a way to refresh a JWT token provided by devise-jwt in Rails? Or is the best practice to force the user to re-authenticate?
What I ended up doing is this:
In my allowlist:
def self.jwt_revoked?(payload, user)
# Hook in here to refresh token
token = user.allowlisted_jwts.where(payload.slice('jti', 'aud')).first
if token.present? && (SOME LOGIC ABOUT YOUR EXPIRATION HERE)
token.update_column(:exp, Time.now + SOME TIME)
end
token.blank?
end
There I would check the expiration. For example, if your token lasts 60 seconds and you want to refresh if at least 30 seconds old. You could write:
if token.present? && token.exp < (Time.now+30.seconds)
token.update_column(:exp, Time.now+60.seconds)
end
Unfortunately Devise-jwt does not support refresh tokens. But you can find a better approach of implementing refresh token in the link implementing jwt refresh token and access token
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.