
JWT Migration Refreshable

Follow these steps to implement authentication with a refreshable token:
  1. A login is performed using the /api/auth/generate_tokens endpoint. An access token and a refresh token will be returned.
  2. The two tokens need to be stored for future use.
  3. Any authenticated request requires the access token to be present in the HTTP header, as was already the case with the legacy token.
  4. When the access token is about to expire, the refresh token can be used to obtain a new access token, using the /api/auth/refresh_access_token endpoint.
  5. Loop back to step 3, until the refresh token is about to expire.
  6. A new refresh token can be obtained using the previously obtained refresh token (which is about to expire) by using the /api/auth/update_refresh_token endpoint.
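
The six steps above as a client-side token lifecycle, written as an added example and not code from this API's own documentation; it runs against a constructed in-memory server with a fake clock. Assumptions not stated on the page: the JSON field names (username, password, access_token, refresh_token), the refresh token being sent in the request body, the Authorization: Bearer header format, the 60-second leeway, and the tokens being JWTs that carry an exp claim.

```python
import base64, json, time

LEEWAY = 60  # assumed: seconds before `exp` at which a token is "about to expire"

def jwt_exp(token):
    """Read `exp` from a JWT payload; used for scheduling only, nothing is verified."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))["exp"]

class TokenSession:
    # Field names in requests and responses are assumptions, not taken from the API docs.
    def __init__(self, post, now=time.time):
        self.post, self.now = post, now   # post(path, body) -> dict is a hypothetical transport
        self.access = self.refresh = None  # step 2: kept in memory only

    def login(self, user, password):                       # step 1
        r = self.post("/api/auth/generate_tokens", {"username": user, "password": password})
        self.access, self.refresh = r["access_token"], r["refresh_token"]

    def _expiring(self, token):
        return jwt_exp(token) - self.now() <= LEEWAY

    def auth_header(self):                                 # steps 3 to 6
        if jwt_exp(self.refresh) <= self.now():
            raise RuntimeError("refresh token expired; log in again")
        if self._expiring(self.refresh):                   # step 6
            r = self.post("/api/auth/update_refresh_token", {"refresh_token": self.refresh})
            self.refresh = r["refresh_token"]
        if self._expiring(self.access):                    # step 4
            r = self.post("/api/auth/refresh_access_token", {"refresh_token": self.refresh})
            self.access = r["access_token"]
        return {"Authorization": "Bearer " + self.access}  # assumed header format

def demo():
    """Drive the session against a constructed in-memory server with a fake clock."""
    clock, calls = [0], []
    def token(ttl):  # constructed unsigned token carrying only `exp`
        body = base64.urlsafe_b64encode(json.dumps({"exp": clock[0] + ttl}).encode())
        return "h." + body.decode().rstrip("=") + ".s"
    def post(path, body):
        calls.append(path)
        return {"access_token": token(300), "refresh_token": token(3600)}
    s = TokenSession(post, now=lambda: clock[0])
    s.login("alice", "constructed-password")
    for t in (0, 250, 3550):   # fresh tokens, access near expiry, refresh near expiry
        clock[0] = t
        s.auth_header()
    return calls
```

The refresh token is renewed before the access token so that the access-token refresh in the same call is made with a refresh token that is not about to lapse; once the refresh token has already expired, the only way forward is a new login.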