TokenAuthentication Expires

102 views
Skip to first unread message

Steven Recio

unread,
Feb 10, 2020, 10:58:52 AM2/10/20
to Django REST framework
I'm using Token authentication but my tokens start returning 403 errors after a few weeks. Is it possible to create tokens that don't automatically expire?

Gonzalo Amadio

unread,
Feb 10, 2020, 11:48:07 AM2/10/20
to Django REST framework
My first thought is that you can set an expire time , very long in the future

El lun., 10 feb. 2020 a las 12:58, Steven Recio (<steve...@gmail.com>) escribió:
I'm using Token authentication but my tokens start returning 403 errors after a few weeks. Is it possible to create tokens that don't automatically expire?

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-fram...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/7e32871b-f123-4456-9015-a3f8c8c7dd42%40googlegroups.com.


--
--------
Gonzalo Amadio

Steven Recio

unread,
Feb 10, 2020, 12:03:16 PM2/10/20
to Django REST framework
Can you share a link to the expiration documentation? I'm not seeing anything in the relevant docs section: https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication

I also checked the methods on the model itself and don't see anything related to expiration.


On Monday, February 10, 2020 at 11:48:07 AM UTC-5, Gonzalo Amadio wrote:
My first thought is that you can set an expire time , very long in the future

El lun., 10 feb. 2020 a las 12:58, Steven Recio (<steve...@gmail.com>) escribió:
I'm using Token authentication but my tokens start returning 403 errors after a few weeks. Is it possible to create tokens that don't automatically expire?

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsub...@googlegroups.com.


--
--------
Gonzalo Amadio

Fernando Hernandez de la Cruz

unread,
Feb 10, 2020, 12:23:26 PM2/10/20
to django-res...@googlegroups.com
The main topic is make a refresh token, in my experience i  use  algorithm that catch erro 403 and use the function to update the token.
After a successful login, issue a refresh and an access token. While a access token expires shortly, a refresh token is long lived. Store it securely, and use it to issue new access tokens when the current token one expires.
I use the next logical:
0. Make function than catch error 403, in the next step 
1. make petition to api to refresh token, equals to API login,
2. use the param refresh_token,
4. in the promise, access to response and get the new token refresh, and update the token updated at the new web service.
5. Make the petition to web service, when the error es showing.


____________________________________
FERNANDO HERNÁNDEZ DE LA CRUZ
Prython Developer 


El lun., 10 feb. 2020 a las 9:58, Steven Recio (<steve...@gmail.com>) escribió:
I'm using Token authentication but my tokens start returning 403 errors after a few weeks. Is it possible to create tokens that don't automatically expire?

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-fram...@googlegroups.com.

Steven Recio

unread,
Feb 10, 2020, 12:36:23 PM2/10/20
to Django REST framework
This seems overly complicated. I'm trying to use Token authentication for my Zapier integration. Writing refresh tokens (which are not well documented) seems like overkill. I'm struggling to even find where in the source code this expiration date is enforced.


On Monday, February 10, 2020 at 12:23:26 PM UTC-5, Fernando Hernandez de la Cruz wrote:
The main topic is make a refresh token, in my experience i  use  algorithm that catch erro 403 and use the function to update the token.
After a successful login, issue a refresh and an access token. While a access token expires shortly, a refresh token is long lived. Store it securely, and use it to issue new access tokens when the current token one expires.
I use the next logical:
0. Make function than catch error 403, in the next step 
1. make petition to api to refresh token, equals to API login,
2. use the param refresh_token,
4. in the promise, access to response and get the new token refresh, and update the token updated at the new web service.
5. Make the petition to web service, when the error es showing.


____________________________________
FERNANDO HERNÁNDEZ DE LA CRUZ
Prython Developer 


El lun., 10 feb. 2020 a las 9:58, Steven Recio (<steve...@gmail.com>) escribió:
I'm using Token authentication but my tokens start returning 403 errors after a few weeks. Is it possible to create tokens that don't automatically expire?

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsub...@googlegroups.com.

Steven Recio

unread,
Feb 10, 2020, 12:55:04 PM2/10/20
to Django REST framework

Gonzalo Amadio

unread,
Feb 10, 2020, 12:58:10 PM2/10/20
to Django REST framework

To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-fram...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-fram...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/12771627-7d80-40a7-86f0-5cf169c6246f%40googlegroups.com.


--
--------
Gonzalo Amadio
Reply all
Reply to author
Forward
0 new messages