nestjs-prisma-starter

Question: When to invoke refreshToken() endpoint from the client?

Open cloudcompute opened this issue 3 years ago • 2 comments

I have a question relating to JWT, could you please answer?

There is a mutation named refreshToken(), which is exposed as an endpoint. In the documentation, there is no mention of when to make a call to this endpoint. It just states that the token should be sent in the Authorization header.

Kindly make things clear by writing the generic code flow on the client side. Is there any need to use a library like jwt-decode there?

cloudcompute, Mar 01 '22 07:03

Hi, I think you should use this endpoint with the refresh token as an argument when your access token has expired. As far as I know, refresh tokens are tokens with a longer lifetime.

Michalphs, Mar 12 '22 20:03

Hi

Yes, refresh tokens have a much longer lifetime than access tokens.

Well, your answer is correct that we should use this endpoint when an access token has expired. In order to do so, we need a library like jwt-decode to extract the expiry time from the access token and check it against the current time.

But this is not mentioned in the nestjs-prisma-starter README file. All it says is that you just need to send your access token in the header as follows: Authorization: `Bearer ${token}`

In addition to jwt-decode, I think we need to implement a few other things, for example, skipping the Authorization header for certain endpoints, like login, register, and probably the refreshToken call itself.

@marcjulian Could you please tell us what exactly we need to do at the client end?

cloudcompute, Mar 13 '22 09:03
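
One way the client-side flow discussed in this thread could look, as an added example that is not code from the thread or from nestjs-prisma-starter. It reads `exp` by hand instead of using jwt-decode, and it assumes the operation names `login`, `register` and `refreshToken` plus a hypothetical `callRefresh(refreshToken)` helper that performs the mutation and resolves to `{ accessToken, refreshToken }`.

```javascript
// Operation names taken from the thread; adjust to the real schema (assumption).
const PUBLIC_OPERATIONS = new Set(['login', 'register', 'refreshToken']);
const SKEW_SECONDS = 30; // refresh a little early to absorb clock drift and latency

// Constructed, unsigned sample token for the demo; real tokens come from the server.
function makeSampleJwt(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'demo', exp })}.sig`;
}

// Read `exp` from the payload. This does NOT verify the signature: the value is
// only a hint for when to refresh, and the server stays the authority.
function readExpiry(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8')); // atob() in a browser
    return Number.isFinite(payload.exp) ? payload.exp : null;
  } catch {
    return null; // malformed token: treat as expired
  }
}

function isExpired(jwt, nowSeconds = Date.now() / 1000) {
  const exp = readExpiry(jwt);
  return exp === null || exp - SKEW_SECONDS <= nowSeconds;
}

// callRefresh(refreshToken) is a hypothetical function that sends the refreshToken
// mutation and resolves to { accessToken, refreshToken } (assumed shape).
function createTokenManager(tokens, callRefresh, now = () => Date.now() / 1000) {
  let inFlight = null; // concurrent requests share one refresh call

  async function authHeaders(operationName) {
    if (PUBLIC_OPERATIONS.has(operationName)) return {}; // no header on these
    if (isExpired(tokens.accessToken, now())) {
      inFlight = inFlight ||
        Promise.resolve(callRefresh(tokens.refreshToken)).finally(() => { inFlight = null; });
      tokens = await inFlight; // a rejection propagates: the caller sends the user to login
    }
    return { Authorization: `Bearer ${tokens.accessToken}` };
  }
  return { authHeaders };
}
```

Call `authHeaders(operationName)` before each request and merge the result into the request headers. A 401 from the server should still be handled, since the client-side expiry check is advisory.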