Token Behavior
TeachUA uses JWT for access and refresh tokens.
- Access token - short-lived (30 minutes)
- Refresh token - long-lived (3-7 days)
Use the /signin endpoint to log in and get tokens:
Then you can use the ACCESS token as a Bearer token in the Authorization header to make requests to secured endpoints:
After 30 minutes the ACCESS token expires, but you can get a new valid ACCESS token without logging in again.
Use the /token/refresh endpoint with the REFRESH token in the request body:
!Important After that, the REFRESH token from the request body is revoked (refresh tokens are disposable), but the response body contains a new valid REFRESH token so you can repeat the process. That means:
- You never have to log in again if you refresh periodically.
- You have to log in again only if the REFRESH token expires.
Use the /token/revoke endpoint to revoke a REFRESH token manually:
A 200 status means it was revoked successfully. Now you have to log in again.
Login:
After that, the ACCESS token is refreshed automatically in an Axios response interceptor.
- Documentation: https://axios-http.com/docs/interceptors
- Or see the WithAxios component in TeachUAClient
!Important If you are not active on the website during the REFRESH token lifetime, the token expires and is revoked automatically. You then have to log in again.
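
Because each REFRESH token is single-use, several requests that fail at the same moment with an expired ACCESS token must share one /token/refresh call; a second call with the same token would be rejected. The following is an added example, not code from TeachUA or TeachUAClient: `makeFakeApi`, `makeClient`, the `accessToken`/`refreshToken` field names and the 401 status for an expired or revoked token are assumptions, and the API is a constructed in-memory stand-in.

```javascript
// Constructed in-memory stand-in for the API (not TeachUA code). Assumed names:
// accessToken/refreshToken fields; 401 for an expired or revoked token.
function makeFakeApi() {
  let n = 0;
  const live = new Set(["r0"]); // refresh tokens that have not been used yet
  const api = { refreshCalls: 0, access: "a0" };
  api.send = async (path, { token, body } = {}) => {
    if (path === "/token/refresh") {
      api.refreshCalls++;
      if (!live.delete(body.refreshToken)) return { status: 401 }; // replayed or revoked
      n++;
      live.add("r" + n); // rotation: the old token is gone, a new one is issued
      api.access = "a" + n;
      return { status: 200, data: { accessToken: api.access, refreshToken: "r" + n } };
    }
    return token === api.access ? { status: 200, data: path } : { status: 401 };
  };
  api.expireAccess = () => { api.access = "expired-" + n; }; // simulate the 30 min timeout
  return api;
}

// Client wrapper: retries a 401 once after refreshing, with a single shared refresh.
function makeClient(send, tokens) {
  let inFlight = null; // promise of the refresh currently in progress, if any
  const refresh = () => {
    if (!inFlight) {
      inFlight = send("/token/refresh", { body: { refreshToken: tokens.refreshToken } })
        .then((res) => {
          if (res.status !== 200) throw new Error("relogin required");
          Object.assign(tokens, res.data); // store the rotated pair
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };
  return async function request(path) {
    const used = tokens.accessToken;
    const res = await send(path, { token: used });
    if (res.status !== 401) return res;
    // Refresh only if nobody rotated the tokens while this request was in flight.
    if (used === tokens.accessToken) await refresh();
    return send(path, { token: tokens.accessToken });
  };
}
```

In an Axios response interceptor the same shared-promise pattern applies: the 401 handler awaits the one refresh in progress and then replays the original request with the new ACCESS token.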