Closed trmcnvn closed 3 years ago
Does your app set prefix '/api/v1/auth'
in your Rodauth configuration? It should if your Rodauth routes are dispatched from /app/v1/auth
. I think I can make a change so things will work even with an incorrect prefix
, but please see if setting prefix
in your configuration fixes the issue.
https://github.com/jeremyevans/rodauth/blob/1a42415968d299a9bfb54707bd71d8258c737067/lib/rodauth/features/jwt_refresh.rb#L140
In our app,
request.path == "/api/v1/auth/jwt-refresh"
&jwt_refresh_path == "/jwt-refresh"
so attempting to refresh with an expired token fails this check.