1

I'm using djangorestframework-jwt and I can authenticate just fine, but I'm having some trouble staying authenticated. I get a "Signature has expired." error after ~5m or so.

Am I just using it wrong? My assumption was that I'd pass it the token for every request and that'd keep me authenticated. Logging out would just mean forgetting the token.

What am I missing here?

Improve this question

1 Answer 1

Reset to default
2

Documentation says that the default expiration delta is 5 minutes. See JWT_EXPIRATION_DELTA setting. The framework seems to assume that you want to implement token refresh.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Since you can't regularly refresh, is the expectation then that with mobile apps you'd just be required to set a really really long JWT_EXPIRATION_DELTA and an even longer JWT_REFRESH_EXPIRATION_DELTA? (Let's say you're using JWT to auth an iPhone app and they dont' open the app for 3-4 weeks)
Yeah, just set the expiration time to 4 weeks or whatever is your expected time for a returning user.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.