rluders / wn-jwtauth-plugin

JWTAuth Plugin for WinterCMS
GNU General Public License v3.0

Token expiration ? #51

Closed Incremental92 closed 3 years ago

Incremental92 commented 3 years ago

Ahoj, it seems that after a Login, the token is expiring after some time. For me it's OK for the security side.

1) What is the proper way to reconnect? Login again?

2) When modifying profile or password after an authentication, how could I test if the token is still valid (user not deactivated or token not expired)? Should I perform my profile modification and then manage errors, or could I test if the token is still valid before and how? Is it the purpose of Refresh Token endpoint? Thanks

rluders commented 3 years ago

  1. Not really, you can use the refresh endpoint to get a new token for your user;
  2. I guess, and it would be a nice idea to update your token after changing the password or anything, but it depends. I do recommend you check this website to learn more about the JWT token.

Incremental92 commented 3 years ago

Thanks for your information, I have to read all the doc, but with which protocol does it work with October? 2) I would like to avoid trying to update profile after the token is expired, so with which endpoint could I check its validity?

rluders commented 3 years ago

What do you mean by protocol? HTTP?

There is no specific endpoint to validate the token, 'cause any route that is protected by the middleware jwt.auth already does it by default.

Incremental92 commented 3 years ago

Sorry I meant Algorithm

rluders commented 3 years ago

Oh, in this case, you can check the Plugin configuration at the OctoberCMS Backend. If I'm not mistaken, it will use the HS256 algo by default.
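
An added example, not part of the thread and not the plugin's own code: a client can read the `exp` claim locally to decide whether to refresh before a profile update, while still treating the server's `jwt.auth` check as the final word. Assumptions: the token is a compact JWT carrying a numeric `exp`, the server answers a rejected token with HTTP 401, and `send` / `refresh` are hypothetical caller-supplied callbacks (the plugin's real routes are not shown here).

```javascript
// Client-side expiry check for a JWT. Advisory only: it does not verify the
// HS256 signature (the client holds no secret) and cannot tell whether the
// account was deactivated. The server-side middleware stays authoritative.

// Decode the payload (second segment) of a compact JWT; null if malformed.
function decodeClaims(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return claims !== null && typeof claims === "object" && !Array.isArray(claims) ? claims : null;
  } catch {
    return null;
  }
}

// Classify a token: "malformed", "expired", "expiring" (inside the refresh window) or "valid".
function tokenState(token, nowSec = Math.floor(Date.now() / 1000), refreshWindowSec = 60) {
  const claims = decodeClaims(token);
  if (!claims || !Number.isFinite(claims.exp)) return "malformed";
  if (claims.exp <= nowSec) return "expired";
  return claims.exp - nowSec <= refreshWindowSec ? "expiring" : "valid";
}

// Run a protected call. send(token) resolves to { status, ... } and
// refresh(token) resolves to a new token; both are hypothetical callbacks.
async function callProtected(token, send, refresh, nowSec) {
  const state = tokenState(token, nowSec);
  if (state === "malformed") throw new Error("login required");
  const refreshed = state !== "valid";
  if (refreshed) token = await refresh(token); // proactive refresh before the call
  let res = await send(token);
  if (res.status === 401 && !refreshed) {
    // Rejected although it looked fine locally: refresh once, then retry.
    token = await refresh(token);
    res = await send(token);
  }
  return { token, res };
}

// Constructed sample token (placeholder signature, default exp = 1700000600).
function sampleToken(exp = 1700000600) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ sub: 1, exp })}.c2ln`;
}
```

A 401 that persists after the single refresh means the token or the account is no longer accepted, and the client falls back to a fresh login.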