JWTRefresh

Verifies an existing JWT and re-issues it with fresh iat, jti, and optionally a new exp. All application claims (sub, iss, aud, custom claims) are preserved.

Method Signature

JWTRefresh( token, [key], [algorithm], [options] )

Arguments

Argument

Type

Required

Description

Default

token

string

Yes

Existing compact JWS token to refresh.

key

any

Signing/verification key. Optional when defaults are configured.

null

algorithm

string

Algorithm to use for the new token.

null

options

struct

See options table below.

{}

Options

Option

Type

Description

Default

allowExpired

boolean

Allow refreshing an expired token. The signature is still verified.

false

expireIn

numeric

Seconds until the refreshed token expires.

null

headers

struct

JOSE headers to include in the new token (overrides originals).

{}

claims

struct

Optional claim assertions to enforce during verification before refreshing.

{}

Returns

A new compact JWS string with refreshed time claims.

Examples

// Standard refresh — token must still be valid
newToken = jwtRefresh( oldToken, secret, "HS256" );

// Refresh with a new 1-hour expiration
newToken = jwtRefresh( oldToken, secret, "HS256", { expireIn: 3600 } );

// Allow refreshing an expired token (grace period)
newToken = jwtRefresh( oldToken, secret, "HS256", {
    allowExpired : true,
    expireIn     : 3600
} );

PreviousJWTDecode NextJWTEncrypt

Last updated 21 days ago

Was this helpful?

Good evening

Method Signature

Arguments

Options

Returns

Examples

Related