PHPackages maaarghk/magento-jwt-refresh-service - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. maaarghk/magento-jwt-refresh-service ActiveMagento2-module[API Development](/categories/api) maaarghk/magento-jwt-refresh-service ==================================== Add an API service for refreshing Magento JWTs 1.0.0(2y ago)3212[1 issues](https://github.com/maaarghk/magento-jwt-refresh-service/issues)MITPHP Since Jul 14Pushed 2y ago1 watchersCompare [ Source](https://github.com/maaarghk/magento-jwt-refresh-service)[ Packagist](https://packagist.org/packages/maaarghk/magento-jwt-refresh-service)[ RSS](/packages/maaarghk-magento-jwt-refresh-service/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (2)Versions (2)Used By (0) magento-jwt-refresh-service =========================== [](#magento-jwt-refresh-service) Adds an API endpoint `POST /V1/integration/admin/token/refresh` to refresh the JWT from the Authorization header. Does not currently do customer tokens but PRs are welcome. e.g.: ``` $ curl --json '{"username": "username", "password": "password"}' http://mysite.docker/rest/V1/integration/admin/token/ "eyJraWQiOiIxIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOjY4LCJ1dHlwaWQiOjIsImlhdCI6MTY4OTM1MDYxOCwiZXhwIjoxNjg5MzU0MjE4fQ.Y2J6BVDFzBjSWP8MtfEievFplU21YyG40h56CLDIo9c" $ curl -XPOST --data "" -H "Authorization: Bearer eyJraWQiO" http://mysite.docker/rest/V1/integration/admin/token/refresh/ "eyJraWQiOiIxIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOjY4LCJ1dHlwaWQiOjIsImlhdCI6MTY4OTM1MDYxOCwiZXhwIjoxNjg5MzU0MjQ3fQ.7TM1LlZ-1ONAQroFO_HVJWCqdl-ig8CCV1Sl-D3eCoA" ``` Shouldn't JWT be short lived and only extended using refresh tokens? -------------------------------------------------------------------- [](#shouldnt-jwt-be-short-lived-and-only-extended-using-refresh-tokens) I guess. A typical recommendation is that refresh tokens should be valid for seven days, so I will accept a PR which validates that the provided JWT was not issued over 7 days ago. This module goes to the effort of ensuring that refreshing the token does not update the issue date, so it should not be too difficult to enforce a maximum age. (You can use base64 -d on the above curl example to verify that the iat claims of the two tokens are the same, but the expt claim is extended.) BYOT ---- [](#byot) If you aren't using bearer tokens but you are using JWT, you can provide a token to be refreshed like this: ``` class Whatever { public function __construct( private \FTS\JwtRefreshService\Api\JwtRefreshServiceInterfaceFactory $jwtRefreshServiceFactory ) {} public function refreshToken(string $token) { $jwtRefreshService = $this->jwtRefreshServiceFactory->create([ 'token' => $token ]); return $jwtRefreshService->refreshAdminToken(); } } ``` Why so complicated ------------------ [](#why-so-complicated) [magento-jwt-refresh-service/src/Model/Api/JwtRefreshService.php](https://github.com/maaarghk/magento-jwt-refresh-service/blob/7827d6b2c5d227bc8f5cedd45615ef0e1b451ec2/src/Model/Api/JwtRefreshService.php#L48-L58) Lines 48 to 58 in [7827d6b](/maaarghk/magento-jwt-refresh-service/commit/7827d6b2c5d227bc8f5cedd45615ef0e1b451ec2) // We don't want the "issued at" time of the new token to change // compared to the original token, because the new token should be // affected by revocations based on the initial login time. // // Although the UserTokenParameters class takes an "issued" parameter, // we can't simply use that as it is always used to calculate the // expiry date (i.e. if we set it to the original issue time then the // token does not have its expiry time refreshed.) // // So, we use a plugin on the JWT manager class to rewrite the JWT // payload that it receives. Help ---- [](#help) I am unlikely to fulfil any feature requests, so please provide a merge request alongside any that you have. MRs with tests also welcome - it should be straightforward enough to verify the token returned has the same claims and user context, and that the refreshed token still validates. ### Health Score 22 — LowBetter than 22% of packages Maintenance13 Infrequent updates — may be unmaintained Popularity15 Limited adoption so far Community7 Small or concentrated contributor base Maturity43 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1033d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/12164cc5d0d306aab535a2384e6005cfe4a07e214f1020f900cbe09cca23298a?d=identicon)[fts](/maintainers/fts) --- Top Contributors [![maaarghk](https://avatars.githubusercontent.com/u/3168648?v=4)](https://github.com/maaarghk "maaarghk (1 commits)") --- Tags magento2-module ### Embed Badge ![Health badge](/badges/maaarghk-magento-jwt-refresh-service/health.svg) ``` [![Health](https://phpackages.com/badges/maaarghk-magento-jwt-refresh-service/health.svg)](https://phpackages.com/packages/maaarghk-magento-jwt-refresh-service) ``` ### Alternatives [stripe/stripe-php Stripe PHP Library 4.0k143.3M480](/packages/stripe-stripe-php)[twilio/sdk A PHP wrapper for Twilio's API 1.6k92.9M272](/packages/twilio-sdk)[knplabs/github-api GitHub API v3 client 2.2k15.8M187](/packages/knplabs-github-api)[facebook/php-business-sdk PHP SDK for Facebook Business 90121.9M34](/packages/facebook-php-business-sdk)[meilisearch/meilisearch-php PHP wrapper for the Meilisearch API 73813.7M114](/packages/meilisearch-meilisearch-php)[google/gax Google API Core for PHP 263103.1M454](/packages/google-gax) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)