I am working with Python's flask_jwt_extended to handle JWTs. I have a refresh endpoint (from the docs) as follows:

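from flask import Flask, jsonify
from flask_jwt_extended import (
    JWTManager, jwt_refresh_token_required,
    get_jwt_identity, create_access_token
)

app = Flask(__name__)
app.config['JWT_SECRET_KEY'] = 'change-me'  # placeholder; load the real secret from configuration
jwt = JWTManager(app)

# The jwt_refresh_token_required decorator ensures a valid refresh
# token is present in the request before calling this endpoint. We
# can use the get_jwt_identity() function to get the identity of
# the refresh token, and use the create_access_token() function again
# to make a new access token for this identity.
@app.route('/refresh', methods=['POST'])
@jwt_refresh_token_required
def refresh():
    current_user = get_jwt_identity()
    ret = {
        'access_token': create_access_token(identity=current_user)
    }
    return jsonify(ret), 200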

I am unsure when I am supposed to call this endpoint in my front end. When I try to use a protected endpoint I get the following (this is expected):

{
  "msg": "Token has expired"
}

How am I supposed to know to refresh the token before expiry on the front end and how would it do so?

msche

1 Answer

So what you typically do is have 2 endpoints: one which issues the token, and a refresh one that issues a refresh token.

So on your 1st call from your JS code you would get the token. The token typically includes a DateTime or expiry (say in seconds).

Then in your JS you would check how much time your token has left, and if it's not much you should call your refresh token route to get a new token.

sacha barber
  • Going off your explanation, for each HTML page, I can have a js file that will handle refreshing tokens. Isn't all the token information stored in an HTTPOnly cookie and if so, how would I access this? – msche May 10 '20 at 10:35
  • No, you normally have a common token service in JS that would get the token and store it in local storage, and would be responsible for handling creating the Bearer token header for each request – sacha barber May 10 '20 at 15:21
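
The expiry check described in the answer above, as an added example that is not part of the original answer or the flask_jwt_extended docs. The names `SKEW_SECONDS`, `refreshFn` and `makeSampleToken` are assumptions, and `refreshFn` stands in for the call that POSTs to `/refresh` with the refresh token.

```javascript
const SKEW_SECONDS = 30; // assumed margin: refresh when less lifetime than this remains

// Base64 helpers that work in both browsers and Node.
const b64decode = typeof atob === 'function'
  ? atob : (s) => Buffer.from(s, 'base64').toString('binary');
const b64encode = typeof btoa === 'function'
  ? btoa : (s) => Buffer.from(s, 'binary').toString('base64');

// Read the `exp` claim (seconds since epoch) from a JWT payload.
// This does NOT verify the signature; it is only used to time the refresh.
// The server still validates every token it receives.
function getExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    b64 += '='.repeat((4 - (b64.length % 4)) % 4);
    const claims = JSON.parse(b64decode(b64));
    return typeof claims.exp === 'number' ? claims.exp : null;
  } catch (e) {
    return null; // malformed token: treated as expired by needsRefresh
  }
}

function needsRefresh(token, nowSeconds = Date.now() / 1000) {
  const exp = getExpiry(token);
  return exp === null || exp - nowSeconds < SKEW_SECONDS;
}

// Return a usable access token, calling refreshFn only when the current
// token is missing, malformed, or close to expiry.
async function getAccessToken(current, refreshFn, nowSeconds) {
  if (!needsRefresh(current, nowSeconds)) return current;
  const body = await refreshFn(); // expected shape: { access_token: "..." }
  return body.access_token;
}

// Constructed, unsigned sample token for demonstration only.
function makeSampleToken(exp) {
  const enc = (o) => b64encode(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'user1', exp })}.sig`;
}
```

This only works when the access token is readable by JavaScript; a token held in an HttpOnly cookie cannot be decoded this way, so the client would need the expiry delivered separately or would refresh on receiving the "Token has expired" response.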