Refresh Token
im using to generate sessionId :
how can we generate a refresh token and is there a built in api we can use to refresh the sessionId when it expires
6 Replies
Hi @Dada. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the available knowledge sources, Wasp's authentication system uses sessions to keep track of logged-in users. Sessions are created and stored in the database and in localStorage on the client. When a user logs in, a session is created (e.g., with createSession), and when they log out, the session is deleted from both the database and localStorage. Wasp uses Lucia Auth v3 under the hood for session management.
However, there is no mention in the documentation or issues about a built-in API for generating refresh tokens or for refreshing the sessionId when it expires. The sources do not describe a refresh token mechanism similar to what is commonly found in JWT-based auth systems, nor do they mention an endpoint or function for refreshing sessions automatically when they expire. The session management appears to be handled by creating and deleting sessions, not by issuing refresh tokens or rotating session IDs via a dedicated refresh endpoint.
If you need refresh token functionality or automatic session renewal, you may need to implement this yourself or look into Lucia Auth's documentation directly for advanced session management features, as Wasp's current abstraction does not expose this out of the box according to the provided sourcesDocs: Auth Overview - Sessions.
I'm sorry, but there's no information in the knowledge sources about a built-in API for generating refresh tokens or refreshing session IDs in Wasp.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Dada, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
Hey @Dada we don't have an API to generate a refresh token for a session.
Taken from the Lucia docs (link):
Sessions do not have an absolute expiration. The expiration gets extended whenever they're used. This ensures that active users remain signed in, while inactive users are signed out. More specifically, if the session expiration is set to 30 days (default), Lucia will extend the expiration by another 30 days when there are less than 15 days (half of the expiration) until expiration.We do use the default 30 days as explained in the example What is your use case for needing refresh tokens?
@Carlos in my case the session generated by createSession have only 1h and they expire, how can i change the duration? or am i doing something wrong!?
how are you checking?
you are right @Carlos , my bad when i checked the result of createSession it has an attribute expiresAt , i checked the hours and days cuz for some reason i didn't think it would pass 7 days xD , didn't check the month thats my bad
@Carlos thank you so much for the answer bro
haha no prob!