jwt-auth

refresh token flow

Open donakhseputa opened this issue 3 years ago • 11 comments

How to implement refresh token like this:

  1. when login return access_token and refresh_token
  2. when access_token expires, return a message that informs the token was expired.
  3. after expired, request a new token by sending refresh_token
  4. then return new access_token with new refresh_token too.

I'm using Lumen 8, and from your documentation, the AuthController only returns access_token. How do I generate a refresh_token with TTL_REFRESH?

donakhseputa avatar Dec 23 '21 23:12 donakhseputa

same questions......

hmshohrab avatar Dec 24 '21 09:12 hmshohrab

same ....

ayb-cha avatar Jan 10 '22 06:01 ayb-cha

Same)

dmitriymikheev avatar Jan 26 '22 19:01 dmitriymikheev

I think it's similar to OAuth2

okyaneka avatar Feb 09 '22 01:02 okyaneka

same :(

hamakh11 avatar Feb 24 '22 07:02 hamakh11

Same here

Renison-Gohel avatar Apr 02 '22 11:04 Renison-Gohel

Any solution to this?

pasanjg avatar Apr 19 '22 23:04 pasanjg

How to implement refresh token like this:

  1. when login return access_token and refresh_token
  2. when access_token expires, return a message that informs the token was expired.
  3. after expired, request a new token by sending refresh_token
  4. then return new access_token with new refresh_token too.

I'm using Lumen 8, and from your documentation, the AuthController only returns access_token. How do I generate a refresh_token with TTL_REFRESH?

I think you can't implement a refresh token like that, but like this:

  1. When login return access_token
  2. When access_token expires, return a message that informs the token was expired.
  3. After expiration, request a new token by sending the previous access_token to auth()->refresh(true, true).
  4. Then return the new access_token and the previous access_token has been blacklisted.

huda16 avatar Aug 11 '22 12:08 huda16

How to implement refresh token like this:

  1. when login return access_token and refresh_token
  2. when access_token expires, return a message that informs the token was expired.
  3. after expired, request a new token by sending refresh_token
  4. then return new access_token with new refresh_token too.

I'm using Lumen 8, and from your documentation, the AuthController only returns access_token. How do I generate a refresh_token with TTL_REFRESH?

Actually, I also had the same issue. Have you already found the solution?

iqbalatma avatar Jan 11 '23 15:01 iqbalatma

@okyaneka I stopped using this package because I didn't find a way to achieve the above, so I used Laravel Passport to make it.

hamakh11 avatar Jan 12 '23 07:01 hamakh11

The tymondesigns/jwt-auth access token has a hybrid behavior. It can be used as a refresh token and as an access token. Once it has passed the expiration time in minutes, it will be invalid as an access token but it will still be valid as a refresh token. When the token is refreshed, the token sent is invalidated (meaning you cannot use it anymore) and a new token is returned.

An endpoint which has refresh behavior should not be using the middleware 'auth:api'. Example:

$this->middleware('auth:api')->except(['refresh']);

or do not include it in a group route middleware.

eznix86 avatar Feb 28 '24 08:02 eznix86
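
The single-token flow described in the last two answers, written out as a controller. This is an added example, not code from the thread or from the jwt-auth project; the controller name, the `api` guard name, the `email`/`password` fields and the error strings are assumptions.

```php
<?php
// Added example (not project code). Assumes a jwt guard named "api" in config/auth.php.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenBlacklistedException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;

class AuthController extends Controller
{
    public function __construct()
    {
        // refresh must accept a token whose access lifetime (ttl) has already passed,
        // so it is excluded from auth:api. The array form works in Lumen and Laravel.
        $this->middleware('auth:api', ['except' => ['login', 'refresh']]);
    }

    public function login(Request $request)
    {
        $token = auth('api')->attempt($request->only('email', 'password'));
        return $token
            ? $this->respondWithToken($token)
            : response()->json(['error' => 'invalid_credentials'], 401);
    }

    public function refresh()
    {
        try {
            // refresh(true, true): blacklist the presented token forever, reset claims.
            return $this->respondWithToken(auth('api')->refresh(true, true));
        } catch (TokenBlacklistedException $e) {
            // Token was already exchanged or logged out: a reuse attempt worth logging.
            return response()->json(['error' => 'token_blacklisted'], 401);
        } catch (TokenExpiredException $e) {
            // Past the refresh window (refresh_ttl): the user has to log in again.
            return response()->json(['error' => 'refresh_window_expired'], 401);
        } catch (JWTException $e) {
            // Missing, malformed or badly signed token.
            return response()->json(['error' => 'token_invalid'], 401);
        }
    }

    protected function respondWithToken(string $token)
    {
        $ttl = auth('api')->factory()->getTTL() * 60; // access lifetime in seconds
        return response()->json(['access_token' => $token, 'token_type' => 'bearer', 'expires_in' => $ttl]);
    }
}
```

The blacklist must stay enabled in the package configuration for the old token to be rejected after a refresh; with it disabled, a captured token remains exchangeable until the refresh window closes.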