d
Hey, I have enabled JWT in the sessions. I use the JWT token in a mobile app and I verify that the token I received is legit in the backend. My problem is that the JWT expires 1 hour after its creation and I want to increase that expiration. Is there a setting/way that can achieve that? I know about the setting access_token_validity but I don't want to change the SuperTokens access_token expiration, just the JWT that is created.
r
hey!
Yes you can:
Session.init({
    override: {
        openIdFeature: {
            jwtFeature: {
                functions: (oI) => {
                    return {
                        ...oI,
                        createJWT: async function (input) {
                            return oI.createJWT({
                                ...input,
                                // JWT lifetime in seconds; replace with the value you need
                                validitySeconds: 123456
                            });
                        }
                    }
                }
            }
        }
    }
})
What's the use case of doing this though? Why keep the access token's lifetime different than the JWT's?
d
I want the JWT for the mobile to be valid for a long time so the user won't have to sign in every 1 hour. The access token has a refresh token I can use, which I use in the web app because it can handle the cookies.
r
When the access token refreshes, that also issues a new JWT. So if you are doing refreshing on the mobile app, then you can let the JWT lifetime be the way it is.
But if you are not doing refreshing on the mobile app, then what you want makes sense.
d
No, I won't be refreshing the token in the mobile because I need the refresh token for that and I don't have it for the mobile. At least not in the current version we are doing.
r
I see. Okay. The refresh tokens are sent to the mobile client as well by the way. As cookies. But if you don’t need them, then alright.
d
I'm using a web login page for the mobile to log in, so the mobile app is not calling the SuperTokens API directly. Is there a way to get the refresh and access token inside the web client so I could send it back to the mobile app upon login completion?
r
There isn't an easy way to do that since those are stored as httpOnly cookies. If you really want to do it though, you can send those back in the response body as well by overriding the sign up / sign in API and sending a custom response body. Alternatively, you can change the logic to not use cookies and use custom headers instead -> https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-localstorage.
d
Never mind then, this is a good first version. Later we would change this so the mobile will do API calls to SuperTokens. Thanks for the help again.
r
sounds good!