Home Arrow Icon Knowledge base Arrow Icon Global Arrow Icon How to handle token expiration in a Laravel-Node.js integration
    Laravel CSRF


How to handle token expiration in a Laravel-Node.js integration


To handle token expiration in a Laravel-Node.js integration, you can follow these steps:

Step 1: Configure Token Expiration in Laravel

1. Configure Token Expiration:
- In your Laravel application, configure the token expiration time in the `config/jwt.php` file: 

php
     'ttl' => 60 * 60 * 24, // 1 day
     'refresh_ttl' => 60 * 60 * 24 * 30, // 30 days

2. Handle Token Expiration:
- In your Laravel controller, handle token expiration by checking if the token has expired: 

php
     public function index(Request $request)
     {
         if (!$request->hasValidCsrfToken()) {
             return response()->json(['error' => 'CSRF token mismatch'], 419);
         }
         // Process the request
     }

Step 2: Refresh Tokens in Node.js

1. Refresh Tokens:
- In your Node.js application, refresh tokens when they expire: 

javascript
     axios.post('/refresh-token', {
         headers: {
             'Authorization': 'Bearer ' + token,
         },
     })
     .then(response => {
         token = response.data.token;
     })
     .catch(error => {
         console.error(error);
     });

Step 3: Implement Token Refresh in Laravel

1. Implement Token Refresh:
- In your Laravel controller, implement token refresh by generating a new token: 

php
     public function refreshToken(Request $request)
     {
         $token = $request->input('token');
         $user = JWTAuth::toUser($token);
         if (!$user) {
             return response()->json(['error' => 'Invalid token'], 401);
         }
         $newToken = JWTAuth::refresh($token);
         return response()->json(['token' => $newToken]);
     }

Step 4: Handle Token Expiration in Node.js

1. Handle Token Expiration:
- In your Node.js application, handle token expiration by catching the `TokenExpiredException`: 

javascript
     axios.post('/api/items', {
         headers: {
             'Authorization': 'Bearer ' + token,
         },
     })
     .then(response => {
         // Process the response
     })
     .catch(error => {
         if (error instanceof TokenExpiredException) {
             // Refresh the token
             axios.post('/refresh-token', {
                 headers: {
                     'Authorization': 'Bearer ' + token,
                 },
             })
             .then(response => {
                 token = response.data.token;
                 axios.post('/api/items', {
                     headers: {
                         'Authorization': 'Bearer ' + token,
                     },
                 })
                 .then(response => {
                     // Process the response
                 })
                 .catch(error => {
                     console.error(error);
                 });
             })
             .catch(error => {
                 console.error(error);
             });
         }
     });

Conclusion

By following these steps, you can effectively handle token expiration in a Laravel-Node.js integration. This ensures that your application remains secure and efficient, even when tokens expire.

Citations:
[1] https://laracasts.com/discuss/channels/laravel/how-handle-token-expiry-in-jwt-laravel-53
[2] https://stackoverflow.com/questions/31449434/handling-expired-token-in-laravel
[3] https://github.com/tymondesigns/jwt-auth/issues/502
[4] https://dotdev.co/authenticate-laravel-5-user-account-in-nodejs-socket-io-using-json-web-tokens-jwt-f74009d612f8
[5] https://www.toptal.com/web/cookie-free-authentication-with-json-web-tokens-an-example-in-laravel-and-angularjs