jwt_refresh.rdoc

doc/jwt_refresh.rdoc
Last Update: 2019-06-06 10:34:09 -0700

Documentation for JWT Refresh Feature

The jwt_refresh feature adds support for a database-backed JWT refresh token, setting a short lifetime on JWT access tokens.

When this feature is used, the access and refresh token are provided at login in the response body (the access token is still provided in the Authorization header), and for any subsequent POST to /jwt-refresh.

Note that using the refresh token invalides the old refresh token and creates a new access token with an updated lifetime. However, it does not invalidate older access tokens. Older access tokens remain valid until they expire.

This feature depends on the jwt feature.

Auth Value Methods

jwt_access_token_key

Name of the key in the response json holding the access token. Default is access_token.

jwt_access_token_not_before_period

How many seconds before the current time will the jwt be considered valid (to account for inaccurate clocks). Default is 5.

jwt_access_token_period

Validity of an access token in seconds, default is 1800 (30 minutes).

jwt_refresh_invalid_token_message

Error message when the provided refresh token is non existent, invalid or expired.

jwt_refresh_token_account_id_column

The column name in the refresh token table storing the account id, should be a foreign key referencing the accounts table.

jwt_refresh_token_deadline_column

The column name in the refresh token keys table storing the deadline after which the refresh token will no longer be valid.

jwt_refresh_token_deadline_interval

validity of a refresh token. Default is 14 days.

jwt_refresh_token_id_column

The column name in the refresh token keys table storing the id of each token (the primary key of the table).

jwt_refresh_token_key

Name of the key in the response json holding the refresh token. Default is refresh_token.

jwt_refresh_token_key_column

The column name in the refresh token keys table holding the refresh token key value.

jwt_refresh_token_key_param

Name of parameter in which the refresh token is provided when requesting a new token. Default is refresh_token.

jwt_refresh_token_table

Name of the table holding refresh token keys.

Auth Methods

after_refresh_token

Hooks for specific processing once the refresh token has been set.

account_from_refresh_token(token)

Returns the account hash for the given refresh token.

before_refresh_token

Hooks for specific processing before the refresh token is computed.