How to refresh token?

[pmventura]

@krisanalfa I tried access to access api/auth/refresh from Postman collection you provided. But it says "Token has expired". Do I still need to configure something?

[krisanalfa]

Could you please copy-paste your cURL request + response here?

[pmventura]

Here it is man @krisanalfa

[krisanalfa]

Have you done any authentication request before accessing refresh endpoint?

[pmventura]

@krisanalfa Yes. Else, i will be receiving different error if not authenticated right?

I've tried to take out this route outside the middleware and it works fine. But will it be the best practice?

$api->patch('/auth/refresh', [ 'uses' => 'App\Http\Controllers\Auth\AuthController@patchRefresh', 'as' => 'api.auth.refresh']);

[krisanalfa]

No. You should use auth middleware for refresh endpoint. Because any refreshed token should be a valid token, it represents a single session for a user. Mine is working here.

After you logged in, can you access /api/auth/user endpoint?

[pmventura]

Yeah, all endpoints are working fine so long as token still valid. But the moment it expired, I can't able to refresh the token.

[pmventura]

Let me know if you want the steps to reproduce this

[pmventura]

@krisanalfa does the refresh endpoint is working on your end when you pass an expired token?

[krisanalfa]

No. Refreshed token should be a valid token. Which is expired token would be rejected.

[pmventura]

Hmm, i see. But I believe you don't want the user to re-authenticate(bring back to login) if the token expired right? Should just refresh and you'll get a new access token.

[krisanalfa]

Yeah, you need to re-login before refreshing the token (only if you got token expired).