Long lasting development JWT

I’m using Auth0 as the authentication solution for a product I’m working. The issue I’m having is that every day developing when I want to query the backend in a way that is not from our frontend (i.e. through Postman or the Apollo Sandbox) I have to generate a new access token and manually add it. I was wondering if there is a way to generate a super long lasting token for a development tenant for this purpose?

Here are some solutions I have come up with and their drawbacks compared to a long-lasting token specifically for 3rd party request tools:

  1. Fulfill requests on backend with no token: This would work in theory but we derive some key information (specifically UID, user organization, and user permission scopes) from the Auth0 token. Not having this information would make fulfilling a lot of requests impossible.
  2. Increase tenent token expiration: We can extend the expiry for the token for the dev tenent to up to 30 days in Auth0. This is non-ideal since it would do this for all tokens, including those the frontend uses. Since we use tokens that expire after a single day in production, it would be ideal to reflect that behavior on the dev frontend.

If this isn’t a feature it is obviously feasible to keep generating any copying tokens for development as needed but figured I would raise this topic to see if others have a workaround for this situation

I’m not sure what you are trying to achieve.

  • If you want everything to happen in 1 Postman call, use collection runner or the setNextRequest() function in Postman.
  • If you don’t want to call the get token API, extend the lifetime of the received token.
  • If you want to build a session, use refresh tokens, another avenue.

More context would help.

1 Like