Generate 2 tokens with different exp time


I’m trying to generate 2 tokens: an authorization token and a refresh token. These tokens usually have different validity times. I can make a PR to add the options object in jwtService.sign and jwtService.verify, in order to override the existing JWT_MODULE_OPTIONS if other options are provided when calling the methods. This way we can generate an authorization token for 1 minute and a refresh token for, let’s say, 8h.

I’m submitting a…


[ ] Regression 
[ ] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

In the current implementation you can generate tokens with the same validity time. Authorization token and refresh token would have the same validity time and this defies the whole purpose of this auth mechanism.

Expected behavior

Being able to generate tokens with different validity time.

Minimal reproduction of the problem with instructions

What is the motivation / use case for changing the behavior?

Generate tokens with different validity time.

Environment

Nest version: 5.2.1

For Tooling issues:
- Node version: 10.11.0
- Platform: Mac

Others:

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 8 (2 by maintainers)

Top GitHub Comments

16 reactions
erezger commented, Jul 17, 2019

Hello, what about two different secret keys? A secret key for the access token and a different secret key for the refresh token?

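12 reactions
quangpdt commented, Oct 28, 2019

A simple implementation can help you with this without module support:

Install the jsonwebtoken package and its type definitions:

```bash
npm i jsonwebtoken
npm i -D @types/jsonwebtoken
```

Implement the refresh token like this:

```typescript
import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import * as jwt from 'jsonwebtoken';

// UserModel, expiresIn and refreshTokenSecretKey are not shown in this comment;
// they are assumed to come from the application's own model and configuration.
// The enclosing class name is also assumed.
@Injectable()
export class AuthService {
    constructor(private readonly jwtService: JwtService) {}

    public createToken({ id, email, role }: UserModel) {
        const user = { id, email, role };
        // Access token: signed by JwtService with the module-level secret and expiry.
        const token = this.jwtService.sign(user);
        // Refresh token: signed directly with jsonwebtoken, own secret, 14-day expiry.
        const refreshToken = jwt.sign(user, refreshTokenSecretKey, { expiresIn: '14d' });
        return {
            expires_in: expiresIn,
            access_token: token,
            refresh_token: refreshToken,
        };
    }
}
```

Hope this helps!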
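The two suggestions in the comments above (a separate secret per token type, and a different lifetime per token) combined in an added example; it is not code from the issue or from @nestjs/jwt. It builds HS256 tokens with Node's built-in crypto module instead of jsonwebtoken so it runs without dependencies. The secrets and function names are constructed for illustration, and the 1 minute and 8 hour lifetimes are the ones mentioned in the issue text.

```javascript
const crypto = require('node:crypto');

// Constructed demo secrets (assumed names); real keys belong in a secret store.
const ACCESS_SECRET = 'constructed-access-secret';
const REFRESH_SECRET = 'constructed-refresh-secret';

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest('base64url');

// Sign an HS256 JWT whose exp is ttlSeconds after nowSeconds.
function signToken(payload, secret, ttlSeconds, nowSeconds) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { ...payload, iat: nowSeconds, exp: nowSeconds + ttlSeconds };
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${hmac(signingInput, secret)}`;
}

// Return the claims, or throw on a malformed, forged or expired token.
function verifyToken(token, secret, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  // Check the signature before parsing anything the caller supplied.
  const expected = Buffer.from(hmac(`${header}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) throw new Error('token expired');
  return claims;
}

// Access token: 1 minute. Refresh token: 8 hours, its own secret, no role claim.
function createTokenPair(user, nowSeconds) {
  return {
    access_token: signToken({ sub: user.id, role: user.role }, ACCESS_SECRET, 60, nowSeconds),
    refresh_token: signToken({ sub: user.id }, REFRESH_SECRET, 8 * 60 * 60, nowSeconds),
  };
}

// Non-throwing wrapper: reports why a token was rejected.
function check(token, secret, nowSeconds) {
  try { return { ok: true, claims: verifyToken(token, secret, nowSeconds) }; }
  catch (err) { return { ok: false, reason: err.message }; }
}
```

Because each token type has its own key, a refresh token presented where an access token is expected fails signature verification instead of being accepted with a longer lifetime.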
