Comments (5)
Hey there,
- At what point or where is this local storage value set?
Hey that should be set by you when you do the Login with your Identity Provider. If you're using Auth0 for example, once the login process finishes, you should get back the refresh token and store it. Makes sense?
- Is there a reason why a new token is generated instead of just sending the token bak with a new expiry date?
Generating a new token can be exactly that. If the server changes the Expire date, then the signature (red part from jwt.io) has to be regenerated and that means creating a new token. Does it make sense?
Thanks!
from angular-jwt.
Hey there @mgonto!
I am still a little confused, I am trying to achieve and understand what you coded live at ng-europe(very cool)
I thought that the token that the server generates would be:
localStorage.getItem('id_token');
And not:
localStorage.getItem('refresh_token');
And then the refresh token would be generated on request via a URL like "/api/v2/refresh_token"
from angular-jwt.
Hey there,
So id_token
is the token you get after authentication and is the JWT that will be send in the header on every authenticated request.
The JWT returned in the id_token
field can expire. If you want, your server can implement a refresh token mechanism. That means that when the user signs in, besides the id_token
, you'll return the refresh_token
. After that, you'll keep on using the id_token
until it's expired. Once it expires, you'll use the refresh_token
to call an endpoint that will return a new, not expired id_token
to send again on every request. Does this make sense?
So, after the login process, if you're using a refresh_token
, you'd actually save both the refresh_token
and the id_token
.
However, if you're using the refresh_token
, it'll ALWAYS be returned when signing in, not in a separate request.
You can read more about refresh tokens in this documentation from Auth0 and in the auth0-angular docs
Let me know if this helps.
Cheers!
from angular-jwt.
@mgonto Why don't we just use id_token
to validate the user and return a refreshed token? Even if a token is expired, we are still able to decode and validate the token.
from angular-jwt.
@kokujin
I am looking for a Refresh Token code example where did you find it?
from angular-jwt.
Related Issues (20)
- Minification problems HOT 2
- urlBase64Decode issue HOT 3
- Restangular not setting the token on requests HOT 1
- Angular 6.0.0 not supporting the Angular JWT HOT 12
- --prod build. Function expressions are not supported in decorators in 'ɵ0' HOT 2
- SSR is failing window doesn't exist HOT 2
- How the Payload will get converted in the JWT Token ? HOT 1
- Breaking changes in latest patch release 0.1.10 HOT 1
- Can't run test suite
- Don't reference actual window HOT 1
- Interceptor can choke on undefined response HOT 5
- Can't inject anything to jwtOptionsProvider tokenGetter config HOT 2
- Routes without jwt authentication are still loading HOT 1
- async TokenGetter doesn't work HOT 1
- Help needed to implement the basic functions HOT 1
- ERROR Error: Uncaught (in promise): TypeError: this.tokenGetter is not a function HOT 2
- Error: Could not get token from tokenGetter function HOT 1
- Bower failed with error: The process 'C:\npm\prefix\bower.cmd' failed with exit code 1
- Create Ivy distribution HOT 1
- Support Ivy distribution HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from angular-jwt.