JWTRefreshTokenBundle
Get refresh token with two parameters
Hi,
I would like to know if it's possible to refresh a token by sending and checking two parameters. Right now, when I want to refresh I just send JSON like this: { "refresh_token": "myrefreshtokencode1234567" }
Is there any way to send the user id or e-mail and check that the refresh token sent matches the user id/e-mail? This would make it more difficult to hack a refresh token?
This way I would send:
{ "refresh_token": "myrefreshtokencode1234567", "e-mail": "[email protected]" }
Thanks a lot !
Hi!
You can actually do that and add as much information as you want using the success event :
```php
<?php

namespace App\EventListener;

use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
use Symfony\Component\Security\Core\User\UserInterface;

class AuthenticationSuccessListener
{
    /**
     * Adds extra user fields to the JSON body of the success response.
     *
     * @param AuthenticationSuccessEvent $event
     */
    public function onAuthenticationSuccessResponse(AuthenticationSuccessEvent $event)
    {
        $data = $event->getData();
        $user = $event->getUser();

        if (!$user instanceof UserInterface) {
            return;
        }

        // The getters below belong to the application's own User class.
        $data['user'] = array(
            'userLocale' => $user->getUserLocale(),
            'nickname' => $user->getNickname(),
            // '...' => $user->get...(),
        );

        $event->setData($data);
    }
}
```
and event attachment under services:
in services.yaml:
```yaml
services:
    acme_api.event.authentication_success_listener:
        class: App\EventListener\AuthenticationSuccessListener
        tags:
            - { name: kernel.event_listener, event: lexik_jwt_authentication.on_authentication_success, method: onAuthenticationSuccessResponse }
```
Maybe this is from my configuration, but this adds the data to both login and refresh token success responses.
Cheers!
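
The check the question asks for, as an added example that is not part of the thread and not the bundle's own code: a plain-PHP function that accepts a refresh request only when the e-mail in the body matches the owner of the submitted refresh token. The function name, the in-memory store, its field names and the sample addresses are assumptions constructed for illustration; in an application the lookup would go to wherever refresh tokens are persisted.

```php
<?php
declare(strict_types=1);

// Constructed in-memory store standing in for the refresh-token table:
// token string => owner e-mail and expiry (Unix timestamp).
const SAMPLE_STORE = [
    'myrefreshtokencode1234567' => ['email' => 'alice@example.test', 'valid_until' => 4102444800],
    'expiredtokencode7654321'   => ['email' => 'bob@example.test',   'valid_until' => 946684800],
];

/**
 * Returns the owner's e-mail when the body carries a known, unexpired refresh
 * token together with the e-mail it was issued to; returns null otherwise.
 * Every failure yields the same null so the caller can answer with a single
 * generic 401 and not reveal which of the two fields was wrong.
 */
function checkRefreshRequest(string $jsonBody, array $store, int $now): ?string
{
    $payload = json_decode($jsonBody, true);
    if (!is_array($payload)) {
        return null; // malformed JSON
    }
    $token = $payload['refresh_token'] ?? null;
    $email = $payload['e-mail'] ?? null;
    if (!is_string($token) || !is_string($email)) {
        return null; // missing or non-string field
    }
    $record = $store[$token] ?? null;
    if ($record === null || $record['valid_until'] < $now) {
        return null; // unknown or expired token
    }
    // Normalise case and whitespace, then compare with hash_equals.
    $claimed = strtolower(trim($email));
    if (!hash_equals(strtolower($record['email']), $claimed)) {
        return null; // token exists but belongs to another account
    }
    return $record['email'];
}

// Constructed sample requests.
$requests = [
    '{"refresh_token":"myrefreshtokencode1234567","e-mail":"Alice@example.test"}', // owner, different case
    '{"refresh_token":"myrefreshtokencode1234567","e-mail":"bob@example.test"}',   // another account's e-mail
    '{"refresh_token":"myrefreshtokencode1234567"}',                               // e-mail field missing
    '{"refresh_token":"expiredtokencode7654321","e-mail":"bob@example.test"}',     // expired token
];
foreach ($requests as $body) {
    echo (checkRefreshRequest($body, SAMPLE_STORE, time()) ?? 'rejected (401)'), "\n";
}
```

An e-mail address is not a secret, so this check binds the token to one account rather than adding guessing resistance; that still comes from the length and randomness of the refresh token itself.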