Path:
POST /auth/local/refresh
The access token returned in the response of the Login Local User endpoint is valid for 35 minutes. When the user's session is about to expire, this endpoint is called to extend the session seamlessly and securely. The refresh token is passed in the request body, and its validity is generally 45 days.
Note: The validity of the JWT tokens (access and refresh) is configurable.
Content-Type : application/json
Type: Body
Name: Refresh Token
Required: true
{"refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlOTc5NDdkM2NiODU1M2MwZTQzZDg3ZiIsInJvbGVzIjpbeyJpZCI6IjVkZTENDZmOGM2MzUyMDkxZDk0NGYxYyJ9XSwiaWF0IjoxNTg3MDExMjg5LCJleHAiOjE1ODcwMTMwODl9.GM0t3TOsHL7HAOwBY8LaC1mnp79e6E_XV8rd4pT0mC2hlHoPHgLfgfj5x7qMzQzuD9Mirgi5Wtfmf9LkZw4Bg"}
HTTP Code: 200 Message: OK
Description: You will see this message when the user details are retrieved along with the JWT tokens (access and refresh).
Sample
{"_id": "5e97947d3cb8553c0e43d87f","userId": 90,"roles": [{"id": "5de1646f8c6352091d944f1c"}],"name": {"first": "John","middle": "A","last": "Smith"},"accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlOTc5NDdkM2NiODU1M2MwZTQzZDg3ZiIsInJvbGVzIjpbeyJpZCI6IjVkZTE2NDZmOGM2MzUyMDkxZDk0NGYxYyJ9XSwiaWF0IjoxNTg3MDExMzEzLCJleHAiOjE1ODcwMTMxMTN9.Xo5hhZVWA79cx4h2sy5iFvfDCbzcrDsVjHkmMq-F_EHobw93Ql5n8uJp1Fap--m_6h6lWgg7D2BblQFxGRr5aw","refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlOTc5NDdkM2NiODU1M2MwZTQzZDg3ZiIsImlhdCI6MTU4NzAxMTMxMywiZXhwIjoxNTkwODk5MzEzfQ.SJl_1ikNTo7iziHuxUhdJ3KFk4dsAReGvKhjyJcGIEqqObs4G-v-n4Xe_ydITw1ZBwNqZzbosJXUIrDsdLMJ9g"}
HTTP Code: 400 Message: Bad Request
Description: You will see this error when the refresh token is incorrect or invalid.
Sample
{"code": "TOKEN_VALIDATION_FAILED","message": "Token validation failed."}
Last updated - July 2020