Best way to keep track of the jwt token expiration time

I wanted to know if there is a utility within the addon object that allows for keeping track of the token expiration time, or do we have to manually track this based on the maxTokenAge value?

You’ll need to track this yourself (since everyone’s timeout can be different on their server).

One way I’ve done is to have an exchange url end point which verifies that a submitted jwt token is still valid and returns back a new jwt token that won’t expire for another 15minutes. Then I set that exchange to be done every 10mins (assuming my maxTokenAge is every 15mins).

1 Like

How exactly would you create a new token, as far as I can tell, you can only check if it’s valid.

I did find the for ACE from 4 years ago saying that ACE 0.9 refreshed the token on each request. However, since ACE 1.0 came out, they’ve removed this from the docs, so I’m unsure if they removed that feature, or it’s just been undocumented since.

If you just have a rest end point in your app you can use the addon.checkValidToken() to validate the jwt token and then just return back the res.local.token as the payload (I think that’s the param you want to return back)

1 Like