JWTRefreshTokenBundle

Auto refresh with lexik

Open: dev-yann opened this issue 5 years ago • 1 comment

It appears that the problem is already reported but closed here: https://github.com/markitosgv/JWTRefreshTokenBundle/issues/147. But my question is less specific.

In fact I would like to split this solution into 3 cases:

  1. Request with a non-expired token => everything is fine.
  2. Request with an expired token but refresh_token is in headers (or cookie as you want), so the refresh action is called.
  3. Request with all tokens expired, return 401.

I would like to know if any better solution exists, or if #147 is the only way? Finally, I find this feature very perfect because we can control the JWT and stay stateless, and if the JWT is not enough we can control user integrity with the refresh_token in the database (not stateless), so, nothing suggests such an implementation? Thanks for your time and your mercy 🙏

dev-yann, Feb 20 '20 12:02

I think it would be better to have the client periodically explicitly refresh the JWT (by hitting the /refresh endpoint with a valid refresh_token) rather than have the server do this 'under the hood'.

Jayfrown, Nov 16 '21 17:11
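
The client-driven refresh suggested in the comment above, covering the three cases from the question, as an added example that is not part of the thread or of the bundle's code. It assumes a `/refresh` endpoint that accepts JSON `{refresh_token}` and returns `{token, refresh_token}`; `createClient`, `store` and `fetchImpl` are hypothetical names.

```javascript
// Added example. Assumed: "/refresh" path, JSON fields "token" / "refresh_token".

// Read the exp claim (seconds since epoch) WITHOUT verifying the signature.
// It is only a scheduling hint for the client; the server stays the authority.
function jwtExpiry(token) {
  const part = (token.split('.')[1] || '').replace(/-/g, '+').replace(/_/g, '/');
  try {
    const claims = JSON.parse(atob(part.padEnd(Math.ceil(part.length / 4) * 4, '=')));
    return typeof claims.exp === 'number' ? claims.exp : 0;
  } catch { return 0; } // malformed token: treat as already expired
}

// Refresh slightly early so a request is not rejected mid-flight.
function needsRefresh(token, nowSec, skewSec = 30) {
  return jwtExpiry(token) - skewSec <= nowSec;
}

function createClient({ fetchImpl, store, now = () => Date.now() / 1000 }) {
  let inflight = null; // concurrent requests share one refresh call

  function refresh() {
    if (!inflight) {
      inflight = (async () => {
        const res = await fetchImpl('/refresh', {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify({ refresh_token: store.refreshToken }),
        });
        // Rejected refresh token: drop both credentials, force a new login.
        if (!res.ok) { store.token = store.refreshToken = null; return false; }
        const body = await res.json();
        store.token = body.token;
        if (body.refresh_token) store.refreshToken = body.refresh_token; // rotation
        return true;
      })().finally(() => { inflight = null; });
    }
    return inflight;
  }

  return async function request(url, init = {}) {
    if (!store.token || needsRefresh(store.token, now())) {
      // Case 2: JWT expired, refresh token present -> call /refresh first.
      // Case 3: nothing usable left -> synthetic 401 without hitting the API.
      if (!store.refreshToken || !(await refresh())) return { ok: false, status: 401 };
    }
    // Case 1: JWT still valid, send the request as-is.
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${store.token}` };
    return fetchImpl(url, { ...init, headers });
  };
}
```

The JWT is refreshed before it is sent, so the API never has to act on an expired token, and the refresh token only ever travels to `/refresh`.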