Closed lefnire closed 3 years ago
Also, took me a long while to figure out that you retrofit `Authorization: Bearer ${token}` for `/refresh`, replacing `access_token` with `refresh_token`. I thought it was something you pass in as `axios({data: {refresh_token}})` per Auth0's docs. It could be I'm so newb it's not worth adding to the docs, but in case it could help future users it might be worth adding a note about that in https://indominusbyte.github.io/fastapi-jwt-auth/usage/refresh/
In https://indominusbyte.github.io/fastapi-jwt-auth/usage/freshness/ `def refresh(): new_access_token = Authorize.create_access_token(subject=current_user,fresh=False)` `fresh=False`. Took me a while to figure out on localhost why it was giving me the "Fresh token required" error. Switching this to `True` got me good. I'm a total JWT newb, and still wrapping my mind around it, so maybe it's user-error on my part?
It's correct to set the access token to be false, because when you refresh the token you generate a new access token without validating that user. With `fresh_jwt_required()`, only a fresh token can access the endpoint, and a non-fresh token can access endpoints protected by `jwt_required()`.
> Also, took me a long while to figure out that you retrofit `Authorization: Bearer ${token}` for `/refresh`, replacing `access_token` with `refresh_token`. I thought it was something you pass in as `axios({data: {refresh_token}})` per Auth0's docs. It could be I'm so newb it's not worth adding to the docs, but in case it could help future users it might be worth adding a note about that in https://indominusbyte.github.io/fastapi-jwt-auth/usage/refresh/
Great, thanks for your suggestion. I will add a note in the docs later, thank you 😄 🙏
Oh I see, the freshness pattern isn't part of the refresh-token pattern. It's for more critical short-access routes like deleting account, etc. Just read through the docs again and makes much more sense. Thanks!
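The two points from this thread, as an added example (not code from fastapi-jwt-auth or its docs): a stdlib-only model in which the refresh token is presented in the `Authorization: Bearer` header and the access token minted by `refresh()` is non-fresh. The `type` and `fresh` claim names, the helper names and the secret are assumptions made for the illustration.

```python
# Added illustration; claim names ("type", "fresh") and all helpers are assumptions.
import base64, hashlib, hmac, json, time
SECRET = b"constructed-demo-secret"  # constructed value, not for real use

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_token(subject: str, token_type: str, fresh: bool = False, ttl: int = 900) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": subject, "type": token_type, "exp": int(time.time()) + ttl}
    if token_type == "access":
        claims["fresh"] = fresh  # only access tokens carry a freshness flag
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def _verify(authorization: str) -> dict:
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise PermissionError("Bad Authorization header")
    header, body, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise PermissionError("Signature verification failed")
    claims = json.loads(_unb64(body))
    if claims["exp"] < time.time():
        raise PermissionError("Token expired")
    return claims

def require(authorization: str, token_type: str, fresh: bool = False) -> str:
    claims = _verify(authorization)
    if claims["type"] != token_type:
        raise PermissionError(f"Only {token_type} tokens are allowed")
    if fresh and not claims.get("fresh"):
        raise PermissionError("Fresh token required")
    return claims["sub"]

def login(user: str) -> dict:
    # Credentials were just checked, so this access token is fresh.
    return {"access_token": create_token(user, "access", fresh=True),
            "refresh_token": create_token(user, "refresh", ttl=86400)}

def refresh(authorization: str) -> str:
    # The refresh token arrives in the Authorization header, not the request body.
    user = require(authorization, "refresh")
    return create_token(user, "access", fresh=False)  # no credentials re-checked
```

Calling `require(..., "access", fresh=True)` with the token returned by `refresh()` raises "Fresh token required", which is the error described in the first post.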