Story #3163

As a user, I can refresh an unexpired JWT.

Added by over 2 years ago. Updated 24 days ago.

Start date:
Due date:
% Done:


Platform Release:
Blocks Release:
Sprint Candidate:
QA Contact:
Smash Test:


django-rest-framework-jwt provides a 'JWT_ALLOW_REFRESH' setting in It defaults to False. The server.yaml and need to be updated to include this setting with the default value.

The REST API endpoint provided by django-rest-framework-jwt for refreshing the token does not support indefinitely refreshing tokens. Pulp needs to support allowing users to refresh unexpired tokens for an indefinite amount of time. As a result, a view for refreshing a JWT needs to be implemented. The view should be exposed at /api/v3/jwt_refresh/. If JWT_ALLOW_REFRESH is True, a POST request with the JWT auth header returns a new JWT with a new expiration date. The response should look like the following:

    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNTAyMzgzMDExfQ.3ZpcclxV6hN8ui2HUbwXLJsHl2lhesiCPeDVV2GIbJg"

If JWT_ALLOW_REFRESH is set to False, a POST to the endpoint should return a 401 with a message stating the the JWT refresh is not allowed.

Documentation for the REST API needs to be updated with info on refreshing a JWT.

A new Usage section needs to be added to be used by Pulp Admins. These settings need to be documented there.


Related issues

Related to Pulp - Issue #3164: Requesting a JWT token doesn't support basic auth CLOSED - WONTFIX Actions


#1 Updated by bmbouter over 2 years ago

I expected that JWT renewal would not have a 7 day limit, but instead it could renew forever when JWT_ALLOW_REFRESH=True. I also thought that only the JWT_ALLOW_REFRESH would be in the and the JWT_REFRESH_EXPIRATION_DELTA would not be.

#2 Updated by over 2 years ago

  • Description updated (diff)

#3 Updated by daviddavis over 2 years ago

  • Related to Issue #3164: Requesting a JWT token doesn't support basic auth added

#4 Updated by daviddavis over 2 years ago

  • Status changed from NEW to CLOSED - WONTFIX

JWT got removed from the MVP. Going to revisit again in 3.1+ with new user stories.

#5 Updated by about 2 years ago

  • Sprint/Milestone set to 3.0.0

#6 Updated by bmbouter about 1 year ago

  • Tags deleted (Pulp 3, Pulp 3 MVP)

#7 Updated by Milesmsksth 24 days ago

Thank you so much for this. I was into this issue and tired to tinker around to check if its possible but couldnt get it done. Now that i have seen the way you did it, thanks guys with regards

Please register to edit this issue

Also available in: Atom PDF