Time expiration issue in JWT

If I understand the question correctly, it is fairly simple to alter the expiration of a JWT token during creation...

The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim.

More information can be found here https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4

Basically the exp key takes a Unix timestamp - set the timestamp to > 100 seconds from now and you will accomplish your goal.

To "refresh" the token your API needs a service that receives a valid JWT and returns the same signed JWT with the updated expiration.


Silent refresh

There are 2 major problems that users of our JWT-based app will still face:

1. Given our short expiry times on the JWTs, the user will be logged out every 15 minutes. This would be a fairly terrible experience. Ideally, we'd probably want our user to be logged in for a long time.
2. If a user closes their app and opens it again, they'll need to log in again. Their session is not persisted because we're not saving the JWT token on the client anywhere.

To solve this problem, most JWT providers provide a refresh token. A refresh token has 2 properties:

1. It can be used to make an API call (say, /refresh_token) to fetch a new JWT token before the previous JWT expires.
2. It can be safely persisted across sessions on the client!

Here is a brilliant exhibition on the Hasura blog: https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/
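
The "exp" check and the refresh service described in the answers above, as an added example that is not part of the original answers. It uses only the Python standard library with HS256. The function names, the SECRET value, the auth_time claim and the MAX_SESSION cap are assumptions made for illustration, and `now` is passed in explicitly so the behaviour at the expiry boundary is reproducible.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed value; load from a secret store in practice
MAX_SESSION = 3600                # assumed cap (seconds) on renewals since the original login

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict, ttl: int, now: int) -> str:
    """Sign an HS256 JWT whose exp is `ttl` seconds after `now`."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # auth_time (assumed private claim) is set once at login and survives renewals
    body = {"auth_time": now, **claims, "iat": now, "exp": now + ttl}
    signing_input = f"{header}.{_b64(json.dumps(body).encode())}"
    return f"{signing_input}.{_b64(_sign(signing_input))}"

def verify(token: str, now: int) -> dict:
    """Return the claims; raise ValueError if malformed, forged or expired."""
    header, payload, sig = token.split(".")  # wrong part count raises ValueError
    if not hmac.compare_digest(_sign(f"{header}.{payload}"), _unb64(sig)):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64(payload))
    exp = claims.get("exp")
    # RFC 7519 section 4.1.4: the current time MUST be before exp
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("expired")
    return claims

def refresh(token: str, ttl: int, now: int) -> str:
    """Renew only a token that still verifies, and only within MAX_SESSION."""
    claims = verify(token, now)
    if now - claims["auth_time"] > MAX_SESSION:
        raise ValueError("session too old, log in again")
    return issue(claims, ttl, now)
```

Without the MAX_SESSION check, anyone holding a valid token could keep renewing it indefinitely, which is why the renewal is tied to the original login time rather than to the latest exp.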