Rotate JWT tokens: use middleware or API routes?
Unanswered
Sun bear posted this in #help-forum
Sun bear (OP)
Hi,
I am struggling to decide whether to use middleware or API routes to rotate JWT access and refresh tokens in the cookies.
I have a backend built in Django. When the access token expires, Django sends a new access and refresh token. I am just confused about how to set the new access and refresh tokens in the cookies. Should I use middleware or API routes?
Which is the best practice?
Thank you
9 Replies
Korat
Middleware is the place you would write the logic to call an endpoint for fetching the new tokens.
A route handler is the place you would create that internal endpoint to fetch those tokens.
You can do the whole thing in middleware, but you can't do it just in API routes, because they are different things.
Sun bear (OP)
@Korat thank you for your response.
So should I combine those two or handle the whole thing in middleware?
Korat
If you handle all the stuff in the middleware, you don't need API routes.
You can simply fetch those tokens from that external API inside the middleware.
Sun bear (OP)
Yes, but will it create a performance issue? This is my concern.
Korat
You need to be careful what you calculate in middleware and don't do heavy calculations. A simple if to check whether the JWT exp date has expired isn't bad for performance.
An issue you might run into is setting the cookies with the new tokens so that the next request will use the new tokens, but if you manage to pull that off, let me know here.
Sun bear (OP)
Okay, will check.
Thanks for the information.
Korat
Happy to help
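
An added example, not part of any post in this thread: the framework-independent core of the middleware approach discussed above, covering the cheap `exp` check and the cookie values for both the current request and the browser. The cookie names `access` and `refresh`, the `SKEW` margin and the `refreshFn` wrapper around the Django refresh endpoint are assumptions.

```javascript
const SKEW = 30; // seconds of safety margin before expiry (assumed value)

// Read `exp` without verifying the signature: a scheduling hint only.
// Django stays the authority that actually validates the token.
function jwtExp(token) {
  try {
    const b64 = token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
    const exp = JSON.parse(atob(b64)).exp;
    return typeof exp === "number" ? exp : 0;
  } catch {
    return 0; // malformed or missing token counts as expired
  }
}

// Cheap per-request check: one decode and one comparison, no network call.
function needsRefresh(access, nowSec) {
  return jwtExp(access) - SKEW <= nowSec;
}

function cookie(name, value, maxAge) {
  return `${name}=${value}; Path=/; Max-Age=${maxAge}; HttpOnly; Secure; SameSite=Lax`;
}

// cookies: { access, refresh } parsed from the request (names are assumptions).
// refreshFn: hypothetical wrapper around the Django refresh endpoint that
// resolves to { access, refresh } or throws when the refresh token is rejected.
async function rotate(cookies, nowSec, refreshFn) {
  if (!needsRefresh(cookies.access, nowSec)) return { action: "pass", setCookies: [] };
  const cleared = [cookie("access", "", 0), cookie("refresh", "", 0)];
  if (!cookies.refresh) return { action: "login", setCookies: cleared };
  try {
    const t = await refreshFn(cookies.refresh);
    const ttl = (tok) => Math.max(jwtExp(tok) - nowSec, 0);
    return {
      action: "refreshed",
      // Cookie header for the request being forwarded, so the current
      // render already sees the new pair, not only the next request.
      forwardCookie: `access=${t.access}; refresh=${t.refresh}`,
      // Set-Cookie values for the response, so the browser stores the pair.
      setCookies: [cookie("access", t.access, ttl(t.access)), cookie("refresh", t.refresh, ttl(t.refresh))],
    };
  } catch {
    // Rejected refresh token (expired or already rotated): clear and re-login.
    return { action: "login", setCookies: cleared };
  }
}
```

In Next.js middleware, `forwardCookie` would be applied to the forwarded request through `NextResponse.next({ request: { headers } })`, and each `setCookies` entry appended to the response as a `Set-Cookie` header.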