Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

JWT token expiration

See original GitHub issue

I’m getting this error after Firebase JWT token expires (1 hour):

{"graphQLErrors":[],"networkError":{"response":{},"statusCode":400,"result":{"errors":[{"path":"$","error":"Could not verify JWT: JWTExpired","code":"invalid-jwt"}]}},"message":"Network error: Response not successful: Received status code 400"}

Docs mention that graphql-engine will refresh the JWKs automatically. Is there some setting I’m missing?

Issue Analytics

State:
Created 5 years ago
Comments:13 (3 by maintainers)

Top GitHub Comments

2reactions

dimoftecommented, Jun 4, 2019

@pyankoff I solved the problem, it was caused by a silly thing: I had a test console.error left in case of subscription error. In react-native development mode, this becomes a fatal error, and it was thrown before the SDK refreshed the tokens. W/o this, the SDK keeps the tokens up to date. Which means your code also works for long-running subscriptions. But, on a side note, I think a better approach is to set the connectionParams on the WebSocketLink, to avoid fetching a new token for each new request Thanks for the help!

2reactions

pyankoffcommented, Jun 3, 2019

Yeah, using firebase. I’m getting the firebase token on every request: const token = await user.getIdToken(). Not sure it will fix the 1h problem, but here is my code using Apollo:

const wsLink = new WebSocketLink({
  uri: WS_URL,
  options: {
    lazy: true,
    reconnect: true,
    connectionParams: async () => {
      const token = await user.getIdToken();
      return {
        headers: {
          Authorization: token ? `Bearer ${token}` : "",
        },
      }
    },
  },
})

Top Results From Across the Web

Managing JWT token expiration - Medium

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data. Quoted from...

What are Refresh Tokens and How They Interact with JWTs?

Authentication is implemented through JWT access tokens along with refresh tokens. The API returns a short-lived token (JWT), which expires in 15 minutes, ......

How to deal with JWT expiration? - Discover gists · GitHub

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data. Quoted from...

How long JWT token valid ? - GeeksforGeeks

Syntax: · Parameters: · Return type: This method will return JWT token · Example: Creating a token with 10 minutes expiry. · Step...

authentication - Time expiration issue in JWT - Stack Overflow

In session based, of course there is a expiration time. So if user is not active for a while, his session get expired....