JWTRefreshTokenBundle

Get refresh token with two parameters

Open Echoju opened this issue 2 years ago • 1 comments

Hi,

I would like to know if it's possible to refresh a token by sending and checking two parameters. Right now, when I want to refresh I just send JSON like this: { "refresh_token": "myrefreshtokencode1234567" }

Is there any way to send the user id or e-mail and check that the refresh token sent matches the user id/e-mail? This would make it more difficult to hack a refresh token?

This way I would send :

{ "refresh_token": "myrefreshtokencode1234567", "e-mail":"[email protected]" }

Thanks a lot !

Echoju avatar Jun 16 '22 00:06 Echoju

Hi!

You can actually do that and add as much information as you want using the success event :

<?php

namespace App\EventListener;

use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
use Symfony\Component\Security\Core\User\UserInterface;

class AuthenticationSuccessListener {

    /**
     * @param AuthenticationSuccessEvent $event
     */
    public function onAuthenticationSuccessResponse(AuthenticationSuccessEvent $event) {
        $data = $event->getData();
        $user = $event->getUser();

        if (!$user instanceof UserInterface) {
            return;
        }

        $data['user'] = array(
            'userLocale' => $user->getUserLocale(),
            'nickname' => $user->getNickname(),
            // '...' => $user->get...(),
        );

        $event->setData($data);
    }
}

and event attachment under services: in services.yaml:

services:

    acme_api.event.authentication_success_listener:
        class: App\EventListener\AuthenticationSuccessListener
        tags:
            - { name: kernel.event_listener, event: lexik_jwt_authentication.on_authentication_success, method: onAuthenticationSuccessResponse }
            

Maybe this is from my configuration, but this adds the data to both login and refresh token success responses.

Cheers!

Nincha avatar Dec 11 '22 20:12 Nincha
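
The check asked about in the question, as an added example (not code from the thread or from JWTRefreshTokenBundle): a refresh request is accepted only when the token is known, unexpired and owned by the e-mail sent with it. The function name checkRefreshRequest, the in-memory token table and the example.test addresses are assumptions made for illustration; an e-mail address is not a secret, so the token's own randomness remains the main protection.

```php
<?php
declare(strict_types=1);

// Constructed sample store: refresh token => owner and expiry (hypothetical data).
// A real application would look the token up in its refresh-token storage instead.
const SAMPLE_TOKENS = [
    'myrefreshtokencode1234567' => ['email' => 'alice@example.test', 'valid_until' => 4102444800],
    'expiredtoken0000000000000' => ['email' => 'bob@example.test', 'valid_until' => 0],
];

/**
 * Hypothetical helper: accept a refresh request only when the token exists,
 * is not expired, and belongs to the e-mail sent alongside it.
 * Returns the owner's e-mail on success, null on any failure.
 */
function checkRefreshRequest(string $json, array $tokens, int $now): ?string
{
    $body = json_decode($json, true);
    if (!is_array($body)) {
        return null; // malformed JSON
    }
    $token = $body['refresh_token'] ?? null;
    $email = $body['e-mail'] ?? null;
    if (!is_string($token) || !is_string($email)) {
        return null; // both parameters are required
    }
    $record = $tokens[$token] ?? null;
    if ($record === null || $record['valid_until'] < $now) {
        return null; // unknown or expired token
    }
    // Case-insensitive match on the address, compared with hash_equals.
    if (!hash_equals(strtolower($record['email']), strtolower(trim($email)))) {
        return null; // token does not belong to the claimed user
    }
    return $record['email'];
}

$now = time();
$requests = [ // constructed sample requests
    '{ "refresh_token": "myrefreshtokencode1234567", "e-mail": "alice@example.test" }', // owner matches
    '{ "refresh_token": "myrefreshtokencode1234567", "e-mail": "bob@example.test" }',   // wrong owner
    '{ "refresh_token": "expiredtoken0000000000000", "e-mail": "bob@example.test" }',   // expired token
    '{ "refresh_token": "myrefreshtokencode1234567" }',                                  // e-mail missing
];
foreach ($requests as $r) {
    // Every failure gets the same answer, so a caller cannot tell which check failed.
    echo checkRefreshRequest($r, SAMPLE_TOKENS, $now) !== null ? "200 new JWT issued\n" : "401 invalid refresh request\n";
}
```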