Styria-Digital / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
https://styria-digital.github.io/django-rest-framework-jwt/
MIT License

Prevent hard check on token expiration when calling token refresh endpoint #102

Open dannosaur opened 2 years ago

dannosaur commented 2 years ago

The refresh endpoint shouldn't have a hard check on token expiration since we're allowing for tokens to be refreshed beyond the expiration up to a given delta. The current functionality prevents a refresh from ever occurring, causing the refresh endpoint to also respond with a 401, thus ending the user's session.

This fix bubbles verify_exp=False from the refresh serializer down to jwt_decode to prevent it from raising an ExpiredSignature exception when attempting to refresh an otherwise valid token, as allowed by the settings.

Fixes #25
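
The refresh behaviour described in this pull request, as an added example that is not part of the pull request or the project's code: the signature is always verified, only the expiry check is skipped on the refresh path, and the session stays bounded by a refresh window. It uses a minimal standard-library HS256 implementation as a stand-in for the project's JWT library; the `orig_iat` claim, the `REFRESH_DELTA` constant and the function names `encode`, `decode` and `refresh` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

REFRESH_DELTA = 7 * 24 * 3600  # assumed refresh window in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def encode(payload: dict, key: bytes) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    return f"{head}.{body}.{_b64(_sign(f'{head}.{body}', key))}"

def decode(token: str, key: bytes, now: float, verify_exp: bool = True) -> dict:
    """Always verify the signature; only the expiry check is optional."""
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(_unb64(head)), _unb64(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(_sign(f"{head}.{body}", key), given):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    if verify_exp and now >= payload.get("exp", 0):
        raise ValueError("token expired")
    return payload

def refresh(token: str, key: bytes, now: float, lifetime: int = 300) -> str:
    """Refresh path: skip exp, but bound the session by orig_iat."""
    payload = decode(token, key, now, verify_exp=False)
    orig_iat = payload.get("orig_iat")
    if orig_iat is None:
        raise ValueError("token is not refreshable")
    if now > orig_iat + REFRESH_DELTA:
        raise ValueError("refresh window has closed")
    # orig_iat is carried over unchanged so refreshes cannot extend the window.
    return encode({**payload, "exp": int(now) + lifetime}, key)
```

With the expiry check skipped, the window test on `orig_iat` is the only thing limiting how long a captured token remains refreshable, so it has to run on every refresh.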