full-stack-fastapi-template
What happens when the access token expires
Hi!
Looking through the sources of the backend and frontend I can't figure out what happens when the JWT access token expires. Is there a strategy in place to extend the access token if the user is using it frequently?
When the access token expires, a user would need to log in again, sending a request to the backend's /login/access-token route to get a new access token.
@csmcallister: Where in the code is it actually enforced?
@emsi Take a look here first:
https://github.com/tiangolo/full-stack-fastapi-postgresql/blob/490c554e23343eec0736b06e59b2108fdd057fdc/%7B%7Bcookiecutter.project_slug%7D%7D/backend/app/app/api/api_v1/endpoints/login.py#L36
Then follow the core.security import to here:
https://github.com/tiangolo/full-stack-fastapi-postgresql/blob/490c554e23343eec0736b06e59b2108fdd057fdc/%7B%7Bcookiecutter.project_slug%7D%7D/backend/app/app/core/security.py#L15
As you can see there, the expiration is either pulled in from the app settings or can be overridden with a custom value. The jwt library is responsible for taking in that expiration value. Their docs explain how expiration is determined and enforced: https://pyjwt.readthedocs.io/en/latest/usage.html
@emsi stumbled upon this today. In addition to @csmcallister's hints, you can use the /login/test-token endpoint (or any other one for that matter) to check if your current token is still working. It feels a bit hacky though...
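An added illustration, not part of the thread and not the template's own code: the replies above say the expiration is set when the token is issued and enforced by the JWT library when a token is decoded, which is also why probing an endpoint reveals an expired token. The standard-library HS256 code below shows both halves; the secret, the 30-minute default and the function and exception names are constructed for this example.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-secret"  # constructed value, not the project's
DEFAULT_EXPIRE_MINUTES = 30              # constructed default for this example

class TokenInvalid(Exception):
    """Malformed token or signature mismatch."""

class TokenExpired(TokenInvalid):
    """Signature is valid but the exp claim is in the past."""

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    mac = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def create_access_token(subject, expires_minutes=None, now=None):
    """Issue a token; exp comes from the default unless overridden."""
    now = time.time() if now is None else now
    minutes = DEFAULT_EXPIRE_MINUTES if expires_minutes is None else expires_minutes
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": str(subject), "exp": int(now + minutes * 60)}
    signing_input = header + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _sign(signing_input)

def decode_access_token(token, now=None):
    """Verify the signature first, then enforce exp on every call."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenInvalid("malformed token")
    header, payload, signature = parts
    expected = _sign(header + "." + payload)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise TokenInvalid("bad signature")
    claims = json.loads(_unb64(payload))
    if now >= claims["exp"]:  # the server rejects; nothing extends the token
        raise TokenExpired("token expired")
    return claims
```

Because `exp` sits inside the signed payload, a client cannot lengthen a token's life by editing it; a later expiry only comes from a newly issued token.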