
How to deal with a TokenExpiredError: jwt expired?

I have a project with NodeJS with jwt for managing user authentication. After a period of time, my app stops working and my server prints the following:

return done(new TokenExpiredError('jwt expired', new Date(payload.exp * 1000)));
                    ^
TokenExpiredError: jwt expired

Now, the person who was working in this project before me had this code for managing the tokens:

static generateToken(username, type, id) {
  return jwt.sign(
    {
      username,
      type,
      id
    },
    API_SECRET,
    {
      expiresIn: '7d'
    }
  );
}

static generateRefreshToken(username, type, id) {
  return jwt.sign(
    {
      username,
      type,
      id
    },
    API_SECRET_REFRESH,
    {
      expiresIn: '30d'
    }
  );
}

My guess is that the issue is the expiresIn: '7d' (since I'm quite new with jwt). I also know that we can omit the expiresIn field to make the token not expire at all. My question is: Is it safe to omit said field, or is there another way to tackle this kind of error message? Every time that message pops up, I have to delete the entire browsing history of my browser (or run my project in incognito mode) in order for it to start working again.

Daniel Corona asked Oct 26 '25 08:10


1 Answer

You should not create a token that does not expire. So, you should keep the expiresIn config.

That being said, you don't have to use refresh token strategy. There are a lot of ways to handle this. For example, you can do the following:

  1. Create /check-token endpoint that will check if the current token is still valid.
  2. Create token when user logs in. Token will be valid for 7 days for example.
  3. Each time user opens your application call the /check-token endpoint. If current token is not valid, logout the user. If current token is valid, generate new token that will be valid for another 7 days and continue to authenticate the user with new token.

NeNaD answered Oct 28 '25 21:10
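
The /check-token flow from the answer above, as an added example that is not part of the original answer or of the asker's project: an expired or invalid token becomes a logout response instead of an uncaught TokenExpiredError, and a valid token is exchanged for a fresh 7-day one. To run without dependencies it uses a small HS256 stand-in built on Node's crypto module in place of the jsonwebtoken package; checkToken, verifyToken and the secret value are assumptions.

```javascript
// Added example: dependency-free HS256 stand-in for the jsonwebtoken package.
const { createHmac, timingSafeEqual } = require('crypto');

const API_SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const SEVEN_DAYS = 7 * 24 * 60 * 60;          // seconds, matches expiresIn: '7d'

const b64url = (value) => Buffer.from(value).toString('base64url');
const hmac = (data) => createHmac('sha256', API_SECRET).update(data).digest();

// Issue a token that expires SEVEN_DAYS after `now` (seconds since the epoch).
function generateToken(username, type, id, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ username, type, id, iat: now, exp: now + SEVEN_DAYS }));
  const signature = hmac(`${header}.${payload}`).toString('base64url');
  return `${header}.${payload}.${signature}`;
}

// Returns the payload, or throws an Error whose name gives the reason.
function verifyToken(token, now) {
  const fail = (name, msg) => { throw Object.assign(new Error(msg), { name }); };
  const parts = String(token).split('.');
  if (parts.length !== 3) fail('JsonWebTokenError', 'jwt malformed');
  const expected = hmac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    fail('JsonWebTokenError', 'invalid signature');
  }
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  if (typeof payload.exp !== 'number') fail('JsonWebTokenError', 'exp claim required');
  if (now >= payload.exp) fail('TokenExpiredError', 'jwt expired');
  return payload;
}

// Logic behind the hypothetical /check-token endpoint: renew or log out.
function checkToken(token, now = Math.floor(Date.now() / 1000)) {
  try {
    const { username, type, id } = verifyToken(token, now);
    return { status: 200, token: generateToken(username, type, id, now) };
  } catch (err) {
    // Verification failures are handled here, so they never crash the server.
    const reason = err.name === 'TokenExpiredError' ? 'expired' : 'invalid';
    return { status: 401, logout: true, reason };
  }
}
```

On a 401 the client drops its stored token and shows the login page, which replaces clearing the browser history by hand.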


