1
votes

I am developing a mobile application back-end service using Laravel 5.3. I am following REST API. The application has payment gateway integration and it needs more security.

I followed JWT auth by using the tymon/jwt-auth library for Laravel.

I have a few concerns. My token expires after 1 hour, and after that the server returns a token expired error. How can the application developer handle this situation? Asking the user to log in again and again is not possible.

How can app developer handle it?

What is the best and more secure approach?

1
I think JWT is a very good solution. Just make sure your routes are using the RefreshToken middleware included in the package. Also the config allows you to modify how long the token is valid for, though I think 1 hour should be plenty assuming you are using the RefreshToken middleware. - user1669496
Thank you for the reply. If I use this middleware, how long is my token valid by default? Or share a good article describing this, if any. - shihabudheen
That depends on what you have set up in the config/jwt.php file. The default for token life is 1 hour. If you have your routes using that RefreshToken middleware, you can keep refreshing it for up to two weeks (also modifiable in the config) before they need to log in again. Most of this is in the docs: github.com/tymondesigns/jwt-auth/wiki/Authentication - user1669496

1 Answers

2
votes

In config/jwt.php, change 'ttl' => 60 to whatever number you need; the number represents the minutes a token can live. But the best approach is to use the RefreshToken, since your app will be more secure from unwanted users.
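
The settings discussed in the comments and the answer, laid out as an added example that is not part of the original posts or the package's own code. It assumes tymon/jwt-auth 0.5.x on Laravel 5.3; the `payments` route and `PaymentController` are hypothetical names.

```php
<?php
// ---- config/jwt.php (excerpt) ----
return [
    // Minutes an access token is accepted. Keeping this short limits how long
    // a stolen token is useful, which matters for payment endpoints.
    'ttl' => 60,

    // Minutes, counted from the original login, during which a token may still
    // be exchanged for a new one. 20160 minutes = two weeks.
    'refresh_ttl' => 20160,

    // Keep the blacklist enabled so a token that has already been refreshed
    // cannot be replayed by someone who captured it.
    'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
];

// ---- app/Http/Kernel.php (excerpt, inside the Kernel class) ----
protected $routeMiddleware = [
    // Rejects requests without a valid token and resolves the user.
    'jwt.auth'    => \Tymon\JWTAuth\Middleware\GetUserFromToken::class,
    // Issues a replacement token and returns it in the response's
    // Authorization header ("Bearer <new token>").
    'jwt.refresh' => \Tymon\JWTAuth\Middleware\RefreshToken::class,
];

// ---- routes/api.php ----
// Hypothetical protected route: every response carries a fresh token.
Route::group(['middleware' => 'jwt.refresh'], function () {
    Route::post('payments', 'PaymentController@store');
});

// Client side (any mobile platform), per request:
//   1. Send "Authorization: Bearer <stored token>".
//   2. Read the Authorization header of the response and overwrite the
//      stored token with it; the previous token is now blacklisted.
//   3. If the server answers with a token expired error even on a
//      jwt.refresh route, the two-week window is over: send the user
//      to the login screen.
```

Because the previous token is blacklisted as soon as it is refreshed, the app should send requests to `jwt.refresh` routes one at a time rather than in parallel with the same token.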