Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
amaccuish
7y ago
0 comments
Save
Share
Most systems use this method but over two tokens, usually referred to as a session/access token and a refresh token. See OAUTH.
0 comments
2 comments · 1 top-level
top
newest
oldest
brokenwren
7y ago
· 1 in thread
Exactly. JWTs can't be extended since the signature is part of the JWT and signs the JSON body, where the expiration is.
e12e
7y ago
I'd think "extension" in this case means "hand in a jwt with expiration/renewal fields still valid, get a new jwt with extended expiration".
Obviously the renewal service would need to be able to sign the new/extended token.
j
/
k
navigate · click thread line to collapse
