refreshToken #
Refreshes an authentication token:
- a valid, non-expired authentication token must be provided
- the provided authentication token is revoked
- a new authentication token is generated and returned
API keys and tokens with infinite duration cannot be refreshed.
Query Syntax #
HTTP #
URL: http://kuzzle:7512/_refreshToken[?expiresIn=<expiresIn>]
Method: POST
Other protocols #
{
  "controller": "auth",
  "action": "refreshToken",
  "expiresIn": "<expiresIn>",
  "cookieAuth": "<true|false>",
  "strategy": "<strategyName>"
}
Arguments #
Optional: #
- expiresIn: sets the expiration duration (default: depends on the Kuzzle configuration file)
  - if a raw number is provided (not enclosed between quotes), then the expiration delay is in milliseconds. Example: 86400000
  - if this value is a string, then its content is parsed by the ms library. Examples: "6d", "10h"
- cookieAuth: enables the refresh of the token stored in the HTTP cookie
  - This only works in a browser and only if Kuzzle CORS is properly configured. See Authentication Token in the Browser
- strategy: sets the strategy to target when refreshing the token. Kuzzle then calls the refreshToken method of that strategy, which should return true, or throw if the refreshToken is inactive. Kuzzle then refreshes its own token and returns a new one.
Response #
The result contains the following properties:
- _id: user's kuid
- jwt: encrypted authentication token, that must then be sent in the requests
- expiresAt: new token expiration date, in Epoch-millis (UTC)
- ttl: new token time to live, in milliseconds
{
  "status": 200,
  "error": null,
  "controller": "auth",
  "action": "refreshToken",
  "requestId": "<unique request identifier>",
  "volatile": {},
  "result": {
    "_id": "<kuid>",
    "jwt": "<JWT encrypted token>",
    "expiresAt": 1321085955000,
    "ttl": 360000
  }
}
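A client-side sketch of the arguments and response handling described above, as an added example that is not Kuzzle's own code. The helper names, the 80% refresh policy and the sample values are assumptions, and the duration regex covers only a subset of what the ms library accepts.

```javascript
'use strict';

// Conservative subset of the duration strings the ms library parses ("6d", "10h").
const MS_STRING = /^\d+(\.\d+)?\s*(ms|s|m|h|d|w|y)$/i;

// Build the payload documented under "Other protocols".
// Attaching the current token to the request is transport-specific and left out.
function buildRefreshRequest({ expiresIn, strategy } = {}) {
  const req = { controller: 'auth', action: 'refreshToken' };
  if (expiresIn !== undefined) {
    const okNumber = typeof expiresIn === 'number' && Number.isFinite(expiresIn) && expiresIn > 0;
    const okString = typeof expiresIn === 'string' && MS_STRING.test(expiresIn);
    if (!okNumber && !okString) {
      throw new TypeError('expiresIn must be a number of ms or a string such as "6d"');
    }
    req.expiresIn = expiresIn; // keep the type: a raw number means milliseconds
  }
  if (strategy !== undefined) req.strategy = strategy;
  return req;
}

// Build the next session state from a refreshToken response.
// The previous token is revoked by the server, so it is not carried over.
function applyRefreshResponse(session, response) {
  const r = response && response.result;
  if (!response || response.status !== 200 || response.error || !r) {
    throw new Error('refresh failed; keeping current session state');
  }
  if (typeof r.jwt !== 'string' || r.jwt === '' || !(r.ttl > 0) || !(r.expiresAt > 0)) {
    throw new Error('malformed refreshToken result');
  }
  if (session.kuid !== undefined && session.kuid !== r._id) {
    throw new Error('refreshed token belongs to a different kuid');
  }
  return { kuid: r._id, jwt: r.jwt, expiresAt: r.expiresAt, ttl: r.ttl };
}

// Delay before the next refresh: at 80% of ttl (policy chosen for this example),
// because only a valid, non-expired token can be refreshed.
function nextRefreshDelay(session, now) {
  const refreshAt = session.expiresAt - Math.floor(session.ttl * 0.2);
  return Math.max(0, refreshAt - now);
}

// Constructed sample shaped like the response documented on this page.
const sampleResponse = {
  status: 200, error: null, controller: 'auth', action: 'refreshToken',
  result: { _id: 'kuid-example', jwt: 'constructed.token.value', expiresAt: 1321085955000, ttl: 360000 },
};
```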