docs: describe JWT refresh flow
ohrstrom committed Jul 18, 2024
1 parent 78e0d67 commit 78be995
Showing 1 changed file with 26 additions and 1 deletion.
27 changes: 26 additions & 1 deletion docs/api/account.md
@@ -36,7 +36,7 @@ Authorization: Bearer <accessToken>
```


#### Refreshing JWT Token
#### Refreshing JWT Token (Sliding)

The provided token has a limited lifetime ("a couple of hours") - see `core/settings/base.py` for configured token
lifetimes.
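Review bot: the heading rename to `#### Refreshing JWT Token (Sliding)` introduces the term "Sliding", but the paragraph under it is unchanged and never says what slides. Add one sentence there explaining how this mode differs from the explicit refresh added further down, so readers can choose between the two. The rename also changes the generated heading anchor, so any existing links to the old `Refreshing JWT Token` anchor should be checked.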
@@ -58,6 +58,31 @@ which will (amongst others) include an updated token:
}
```


#### Refreshing JWT Token (Explicit)

The provided token can also be used as a "refresh-token" to obtain a new token.
It contains two "claims":
- `exp`: the expiration time of the token
- `refresh_exp`: the expiration time as long the token can be used to optain a new token

So if a token is expired by `exp` but still valid by `refresh_exp` it can be used to obtain a new token:

```
POST: /api/v1/jwt/refresh/
{
"token": "<accessToken>"
}
```

```json
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCK0..."
}
```


### User Details

Expandable details: `settings`, `subscription`, `address`
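Review bot: the `refresh_exp` bullet and the sentence after it say a token past `exp` is still accepted by `POST: /api/v1/jwt/refresh/`, but the section does not say whether the returned token carries a fresh `refresh_exp` or keeps the original one. Please document that, because it decides whether a session has a hard upper bound or can be extended indefinitely by whoever holds a token, and it tells clients how long a leaked token stays useful. The section should also state what the endpoint returns once `refresh_exp` has passed (status code and body), since only the success response is shown. Smaller points in the same hunk: "as long the token can be used to optain" should read "until which the token can be used to obtain", the request block has no language tag while the response block uses `json`, and the request example omits the `Content-Type` header a client needs to send.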
