jwt-auth

A refresh token is used only once

Open moxesh-gandhi opened this issue 2 years ago • 4 comments

How to refresh token again on a refresh token

Suppose my token TTL is 1 day & refresh token TTL is 2 days.

Now the case is that I generate a token on the 1st day and it works absolutely fine on the 1st day. Now on the 2nd day the token is expired and we generate a refresh token, and that refresh token also works perfectly fine. Now on the 3rd day the refresh token is expired and we are trying to generate a refresh token again from the 2nd day's refresh token, and we are unable to refresh it again.

So how do we refresh a token on the old refresh token?

The current solution is that we are prompting the user with a login form, asking for his/her credentials to generate a new token. Now we have to stop prompting users because it's a bad way & a bad user experience. And we don't need to change the token TTL and refresh token TTL time.

Your environment

| Q | A |
| --- | --- |
| Bug? | No |
| New Feature? | Yes |
| Framework | Laravel |
| Framework version | 5.4 (or any version 8.75) |
| Package version | 0.5.12 (or any version 1.0.2) |
| PHP version | 7.4.3 (or any version 8.0.0) |

Steps to reproduce

Refresh the refresh token again.

Expected behaviour

Need to refresh token on old refresh token. If refresh token is timed out then it will behave normally.

Actual behaviour

Refresh token was not refreshed again & it's expired.

moxesh-gandhi, Jan 07 '23 11:01

You can try increasing the time span of the refresh token, and removing the refresh token from the stack when the user logs out.

osamabelal, Jan 18 '23 21:01
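
A simplified model of the timeline in the question, added here as an illustration; it is not code from jwt-auth or from anyone in this thread. It assumes the refresh window is counted from the original login's issue time (carried over on every refresh) and that a token is retired once it has been exchanged; the `Issuer` class, the 14-day value and all other names are hypothetical.

```python
# Simplified model (assumption, not jwt-auth source): the refresh window is
# counted from the FIRST token's issue time, which every refreshed token keeps.
from dataclasses import dataclass
from itertools import count

DAY = 24 * 60  # minutes


class RefreshDenied(Exception):
    pass


@dataclass(frozen=True)
class Token:
    jti: int   # unique token id
    iat: int   # issue time of the original login, carried across refreshes
    exp: int   # when this token stops authenticating requests


class Issuer:
    def __init__(self, ttl, refresh_ttl):
        self.ttl, self.refresh_ttl = ttl, refresh_ttl
        self._ids = count(1)
        self.blacklist = set()  # jti values that were already exchanged

    def login(self, now):
        return Token(next(self._ids), iat=now, exp=now + self.ttl)

    def refresh(self, token, now):
        if token.jti in self.blacklist:
            raise RefreshDenied("token already used for a refresh")
        if now >= token.iat + self.refresh_ttl:
            raise RefreshDenied("refresh window closed, login required")
        self.blacklist.add(token.jti)  # single use: the old token is retired
        return Token(next(self._ids), iat=token.iat, exp=now + self.ttl)


def scenario(refresh_ttl_days):
    """Replay the question's timeline; return the outcome of each refresh."""
    issuer = Issuer(ttl=1 * DAY, refresh_ttl=refresh_ttl_days * DAY)
    token = issuer.login(now=0)  # 1st day: login
    outcomes = []
    for label, now in (("day2", int(1.5 * DAY)), ("day3", int(2.5 * DAY))):
        try:
            token = issuer.refresh(token, now)
            outcomes.append((label, "refreshed"))
        except RefreshDenied as err:
            outcomes.append((label, str(err)))
    return outcomes
```

Under these assumptions `scenario(2)` reproduces the reported behaviour, while `scenario(14)` succeeds on both days because only the length of the window changed. The bounded window is also what limits how long a stolen token can keep being exchanged for fresh ones.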

How are you able to refresh the token the first time from the expired token, as I am getting a 401 error on the refresh API the first time?

mira-thakkar, Mar 17 '23 19:03