I add the:
EXPIRING_TOKEN_LIFESPAN = timedelta(minutes=1)
to test, and I did 2 GETs with a 3 minute break.

The token has not expired / changed.

https://github.com/JamesRitchie/django-rest-framework-expiring-tokens/blob/master/rest_framework_expiring_authtoken/authentication.py#L27

authentication.py line 27:
except self.model.DoesNotExist: should be except self.models.DoesNotExist: note the missing s of models

I don't know if is it already possible, but i have a server 2 server user and i don't want that its token expires

• Cover supported Django and Python versions
• Put an upper bound on required DRF version
• Update Changelog
• Credit PR authors
• Increment version number
• Release to PyPI

Hi guys!

It's possible renew time of token on each requests?

Thanks for your work! I am using it in my Django Restful API project. And I found it would me much more helpful if the token can have dynamic expiring time instead of static setting. However, I found you are using a proxy model. Maybe it can only be implemented through creating a actual model with new field of lifespan.
Waiting for your cleverer solutions.
Thx~

Hi,

I've used this project in a small project and it works fine. I've stored the returned token in browser's localStorage for logined user.

I'm thinking about how to validate token. For example, if token is expired, then the server will returns a HTTP 403 Forbidden message, so the browser can check the response body and search for expired string, then make another request with username/password to get a new token.

I think a better way to do this is, return the expired date time with token, then the browser can check the validation of token by hand instead of getting a HTTP 403 Forbidden.

How do you think about this?

My token expired. What can I do if my account has expired? Either I forget a project I've already started (work wasted) or I create a new project. How do I get back to Rasa+Botfront ?

When I've commented out the EXPIRING_TOKEN_LIFESPAN value in my settings.py file for some testing, this came up

Exception Type: AttributeError
Exception Value: Settings object has no attribute EXPIRING_TOKEN_LIFESPAN
Exception Location: /home/user/.envs/content/local/lib/python2.7/site-packages/django/conf/__init__.py in __getattr__, line 49
Python Version: 2.7.6

The Read Me document states:

Expiring Tokens works exactly the same as the default TokenAuth, except that using an expired token will return a response with an HTTP 400 status and a Token has expired error message.

HTTP response status code 400 means “Bad request”, as in a malformed request. This does not seem appropriate for a well-formed request with expired authentication.

Instead, the response status code 401 “Unauthorized” is more appropriate. The message “Token has expired” can still be in the response body to explain why the authentication failed.

(Reference for HTTP response codes, temporary errors)

Line 22 in view.py serializer = AuthTokenSerializer(data=request.DATA)
should be serializer = AuthTokenSerializer(data=request.data)