JWT Token refresh / timeout
When using JWT for app auth on the server side, what is the best practice for refreshing the token? Should we watch the timeout value and refresh just before expiry, or catch the 401 when the token expires, refresh the token, and try again?
Also, what is the default token timeout, and is it configurable?
Thanks!
-
I believe the default is around 60 minutes.
I've been using the SDK, so there seem to be wrappers around token management. For example:

    public static BoxDeveloperEditionAPIConnection getAppEnterpriseConnection(String enterpriseId, String clientId,
            String clientSecret, JWTEncryptionPreferences encryptionPref, IAccessTokenCache accessTokenCache) {
        BoxDeveloperEditionAPIConnection connection = new BoxDeveloperEditionAPIConnection(enterpriseId,
                DeveloperEditionEntityType.ENTERPRISE, clientId, clientSecret, encryptionPref, accessTokenCache);
        connection.tryRestoreUsingAccessTokenCache();
        return connection;
    }

But if you don't use the SDK, I do both. I check to see if the token has expired and I also wrap it in a try/catch for 401 errors.
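
The "do both" approach from the answer above, sketched without the SDK as an added example (not part of the original post and not Box SDK code), in Python for brevity. `fetch_token`, `request`, the 60-second skew and the `tokN` values are assumptions constructed for the demo; the 3600-second lifetime is the roughly 60 minutes the answer mentions.

```python
import time

class TokenManager:
    """Caches one access token; refreshes before expiry and once after a 401."""

    def __init__(self, fetch_token, skew=60, clock=time.monotonic):
        self._fetch = fetch_token   # hypothetical callable -> (token, ttl_seconds)
        self._skew = skew           # refresh this many seconds early (assumed value)
        self._clock = clock
        self._token, self._expires_at = None, 0.0

    def token(self, force=False):
        # Proactive path: treat the token as expired `skew` seconds early.
        if force or self._token is None or self._clock() >= self._expires_at - self._skew:
            self._token, ttl = self._fetch()
            self._expires_at = self._clock() + ttl
        return self._token

    def call(self, request):
        # Reactive path: request(token) -> (status, body). A 401 triggers exactly
        # one forced refresh and one retry, so a real auth failure cannot loop.
        status, body = request(self.token())
        if status == 401:
            status, body = request(self.token(force=True))
        return status, body

def demo():
    """Constructed scenario: fake clock, fake token endpoint, fake API."""
    now, issued, revoked = [0.0], [], set()

    def fetch():
        issued.append(f"tok{len(issued) + 1}")
        return issued[-1], 3600     # constructed TTL: the ~60 minutes mentioned above

    def request(tok):
        return (401, None) if tok in revoked else (200, tok)

    tm = TokenManager(fetch, skew=60, clock=lambda: now[0])
    out = [tm.call(request)]                            # first use fetches tok1
    now[0] = 1000; out.append(tm.call(request))         # still valid: tok1 reused
    now[0] = 3550; out.append(tm.call(request))         # inside skew window: tok2
    revoked.add("tok2"); out.append(tm.call(request))   # 401, then retry with tok3
    return out, len(issued)

if __name__ == "__main__":
    print(demo())
```

The expiry check avoids most 401s, and the single retry covers tokens that become invalid before their stated lifetime ends, such as after revocation or clock drift.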