• I am looking to set up JWT for REST API access and this is one of the plugins that offers it. I like that it also offers token management, which is a nice plus. There are a ton of other features in this plugin that I’m not sure I need right now, but it definitely seems comprehensive.

    From reading about how JWT works, though, I thought that when you authenticate you would receive two tokens: One to make requests with, and a second to request a new token when the first one expires.

    However, I can’t find any information about this second token or endpoint to do this phase… I am envisioning when a user would successfully authenticate, we could capture and store the access token, and the refresh/renewal token and store them in a secure vault. When they come back later, if their primary token had expired the system could use the renewal one to request a new token without the need for the user to log in again.

    Is this possible with AAM?

  • I’m interested in this topic too. The refresh functionality in AAM at the moment is actually refreshing the token by using the same token to authenticate; it’s quite different from a best practice of how JWT should be implemented, which is to issue another token for refresh only when a new token is issued.

  • The topic ‘Refresh token?’ is closed to new replies.
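
The two-token flow discussed in this thread, as an added example that is not AAM's code or API and not written by either poster: a short-lived HS256 access JWT is issued together with an opaque refresh token that is stored server-side only as a hash and can be redeemed once. All function names, the in-memory store and the lifetimes are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for this example
ACCESS_TTL = 300                   # assumed lifetimes, not AAM defaults
REFRESH_TTL = 86400
_refresh_store = {}                # sha256(refresh token) -> (user, expiry)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(msg: str) -> str:
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def issue_pair(user, now=None):
    """Return (access_jwt, refresh_token) for an authenticated user."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user, "exp": now + ACCESS_TTL}).encode())
    access = f"{header}.{claims}.{_sign(header + '.' + claims)}"
    refresh_token = secrets.token_urlsafe(32)
    key = hashlib.sha256(refresh_token.encode()).hexdigest()
    _refresh_store[key] = (user, now + REFRESH_TTL)  # only the hash is kept
    return access, refresh_token

def verify_access(token, now=None):
    """Return the subject if signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
    except ValueError:
        return None
    # Always verified as HS256; the header's "alg" value is never trusted.
    expected = _sign(header + "." + claims)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    pad = "=" * (-len(claims) % 4)
    body = json.loads(base64.urlsafe_b64decode(claims + pad))
    return body["sub"] if body["exp"] > now else None

def refresh(refresh_token, now=None):
    """Exchange a refresh token for a new pair; each token works once."""
    now = int(time.time()) if now is None else now
    key = hashlib.sha256(refresh_token.encode()).hexdigest()
    entry = _refresh_store.pop(key, None)  # pop = rotation: a replay fails
    if entry is None or entry[1] <= now:
        return None
    return issue_pair(entry[0], now)
```

Because the expired access token is never accepted as a credential for renewal, a leaked access token is only useful until its `exp`, and a replayed refresh token is rejected after its first use.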