Refresh token works incorrectly
Subject of the issue
Describe your issue here.
Your environment
| Q | A |
|---|---|
| Bug? | yes |
| New Feature? | no |
| Framework | Laravel |
| Framework version | 57.y |
| Package version | 1.0.0-rc.3 |
| PHP version | 7.1.y |
Issue description
When user refreshes the token, he gets a new one. But REFRESH_TLL of the new token not updated.
Steps to reproduce
- Set TTL to 1 min and REFRESH_TTL to 2 min.
- Log in
- During these 2 minutes, refresh the token every 30 seconds.
Expected behaviour
Refresh REFRESH_TTL with every token refresh. I mean when user try to refresh the token, server should refresh not only token but REFRESH_TTL too
Actual behaviour
When REFRESH_TTL of the first token (which you get when you logged in) will be expired, you will log out.
I could be wrong, but I'm pretty sure that's how it's meant to work. The REFRESH_TTL is a fixed length of time in which the token can be refreshed. Once that time has passed, the user needs to re-authenticate.
This prevents the user being able to refresh indefinitely
Having the same issue. Not sure if this is right or wrong. @tymondesigns can u please respond? Thanks!
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Having the same issue. When I get new token from fresh api, I expect that new token can be used 1 minute and have 2 minutes to refresh token.