stackoom
  简体   繁体   中英

How to refresh a JWT token with devise-jwt

 原文  2018-12-13 12:10:39       ruby-on-rails/ devise/ jwt

Question

Is there a way to refresh a JWT token provided by devise-jwt in Rails? Or is the best practice to force the user to re-authenticate?

1 answers

solution1
 0  2020-10-25 17:51:01

What I ended up doing is this:

In my allowlist:

def self.jwt_revoked?(payload, user)
  # Hook in here to refresh token
  token = user.allowlisted_jwts.where(payload.slice('jti', 'aud')).first
  if token.present? && (SOME LOGIC ABOUT YOUR EXPIRATION HERE)
    token.update_column(:exp, Time.now + SOME TIME)
  end
  token.blank?
end

There I would check the expiration. For example, if your token lasts 60 seconds and you want to refresh if at least 30 seconds old. You could write:

if token.present? && token.exp < (Time.now+30.seconds)
  token.update_column(:exp, Time.now+60.seconds)
end

solution2
 0  2023-01-05 07:26:08

Unfortunately Devise-jwt does not support refresh tokens. But you can find a better approach of implementing refresh token in the link implementing jwt refresh token and access token

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ROR: devise-jwt : how to call jwt_revoked? function? Revoke access to devise-jwt on Denylist strategy Rails devise-jwt session storage How to use devise-jwt with devise for signin, signup and signout in rails api Rails Devise-JWT, how to configure devise.rb to add a dispatch_requests User authentication with Devise-jwt in Ruby On Rails as backend and Vuejs as frontend Rails devise-jwt gem is not updating jti in the user after login? Rails 6 - devise-jwt Blacklist revocation strategy not happening on sign out Can't get authentication to work with devise-jwt Issues when adding devise-jwt to a existente User model in Rails
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM