2

I am trying to reuse the same authToken generated by Rocket.Chat login API. 

{
   "status": "success",
   "data": {
      "authToken": "9HqLlyZOugoStsXCUfD_0YdwnNnunAJF8V47U3QHXSq",
      "userId": "aobEdbYhXfu5hkeqG"
    }
}

The developer guide says:

As the token expires, you have to call the login method again in order to obtain a new token with a new expiration date. You don’t have to wait until the token is expired before asking for a new token. (Link Here)

But it does not mention about the expiration date configuration. Is there some way to set unlimited expiration to the authToken?

Anita Sharma
  • 175
  • 4
  • 13

1 Answers1

7

Disclaimer: I am an employee of Rocket.Chat and I do maintain the REST API code.

That piece of documentation is incorrect and I will be submitting a pull request to resolve that. Currently the authentication tokens obtained via the Rocket.Chat REST API have no expiration date.

As of right now, there are two ways of revoking an authentication token. First is to call the api/v1/logout endpoint and the other is go into Rocket.Chat under your account and profile then clicking the button labeled "Log out from other logged in locations".

bradleyhilton
  • 376
  • 1
  • 3
  • 7
  • Is there a way to preserve the session even after restarting the meteor server? – Anita Sharma Aug 25 '17 at 15:47
  • The authentication token is stored in the database. Which means if you're using it in some other application then it should persist through a server restart. However, if you're only storing the authentication token in ram and not writing it to persistent storage, then yes you will loose it. Does that make sense and answer your question? – bradleyhilton Aug 26 '17 at 16:53
  • @bradleyhilton are you sure about tokens not expiring? I am running version 0.59.0-develop and I see that users that were created more than 3 months ago, that used to have chat auth tokens now don't have them ( I create auth tokens for all users using the API ). In the MongoDB I don't see any ttl on the serices.resume.loginToken.when_1 index however. Thanks! – Orr Dec 27 '17 at 10:06
  • @bradleyhilton i want to integrate rocket chat auto login in our jsf project can you help me how can it possible with jsf . Please see https://stackoverflow.com/questions/48095976/how-to-add-iframe-of-rocket-chat-in-website – Anuj Dhiman Jan 08 '18 at 06:22
  • 2
    @bradleyhilton I think rocket chat api, has 90 days validity on token, please update your answer, so it will be helpful for others. – Faraz Ahmed Mar 06 '20 at 12:13