Closed pmventura closed 7 years ago
Could you please copy-paste your cURL request + response here?
Here it is man @krisanalfa
Have you done any authentication request before accessing refresh endpoint?
@krisanalfa Yes. Else, i will be receiving different error if not authenticated right?
I've tried to take out this route outside the middleware and it works fine. But will it be the best practice?
$api->patch('/auth/refresh', [ 'uses' => 'App\Http\Controllers\Auth\AuthController@patchRefresh', 'as' => 'api.auth.refresh']);
No. You should use auth
middleware for refresh endpoint. Because any refreshed token should be a valid token, it represents a single session for a user. Mine is working here.
After you logged in, can you access /api/auth/user
endpoint?
Yeah, all endpoints are working fine so long as token still valid. But the moment it expired, I can't able to refresh the token.
Let me know if you want the steps to reproduce this
@krisanalfa does the refresh endpoint is working on your end when you pass an expired token?
No. Refreshed token should be a valid token. Which is expired token would be rejected.
Hmm, i see. But I believe you don't want the user to re-authenticate(bring back to login) if the token expired right? Should just refresh and you'll get a new access token.
Yeah, you need to re-login before refreshing the token (only if you got token expired).
@krisanalfa I tried access to access api/auth/refresh from Postman collection you provided. But it says "Token has expired". Do I still need to configure something?