sahat / satellizer

Token-based AngularJS Authentication
https://satellizer-sahat.rhcloud.com
MIT License

Keep getting the same JWT Token #232

Closed nickypeh closed 9 years ago

nickypeh commented 9 years ago

Hi, I downloaded the example files for client and php (laravel framework) for the server side. Everything has been great for the login part but when I tried to sign out and sign in with different account, the profile tends to show the first login information. I get the JWT from the Authentication header and decode it. It seems like it is always getting the same jwt token. Is this a bug or there is a workaround?

Please advise. Thanks

sahat commented 9 years ago

Is this related to this issue? https://github.com/sahat/satellizer/issues/199

And are you using MySQL or some other database?

nickypeh commented 9 years ago

Hi, yes, I think it is related to the same issue. I am using MySQL. I tried the method provided at #199, replacing $user = User::find($payload['sub']); with $user = Sentry::findUserById($payload['sub']);

Somehow, as we are using Eloquent, it seems like it is not working at all.

Somehow, I have tried to capture the $payload['sub'], and it seems like it is always getting the first id in the db, no matter if you log in with another user with another id in the db. It will always get the first id in the MySQL db only. Even though I tried localStorage.clear() in the browser console, it still returns the first id of the db. So, I don't think the function at the server back end for the public function getUser() is having any issue, as it is doing its job by fetching the info by the id. I am not really familiar with JWT, but is there anything causing the header to always get the authorisation even though it is logged in with a different account?

Please help to advise.

Thanks.

sahat commented 9 years ago

You will have to wait until I get back home on January 5th to see if I can reproduce this problem and try to find a fix for it. Meanwhile, take a look at Eloquent ORM documentation. Perhaps I missed something.

I barely know any PHP or Laravel. I built this example project just by looking at the Laravel docs and source code from other apps.

sahat commented 9 years ago

I finally got a chance to play around with the PHP example. Sign out, login and signup work fine here. I have tested with multiple accounts.

I am not really familiar with the JWT but is there anything causing the header to always get the authorisation even though it is logged in with different account.

The Authorization header is present on every request after you sign in in AngularJS via Satellizer. That Authorization header contains the JWT. You take that JWT and decode it on the server and extract $payload['sub'] from it, which is a unique user id. I hope that answers your question, unless I misunderstood and you meant something else by "causing the header to always get the authorisation".

nickypeh commented 9 years ago

Yea, everything is working fine now when you take out the first().

Thanks :)
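The flow sahat describes above (Authorization header on every request, JWT decoded on the server, $payload['sub'] used as the user id) and the fix nickypeh reports (removing a trailing first()) are worked through in the following example. This is added code, not the satellizer PHP example's own code: it assumes an HS256-signed token under a shared secret named JWT_SECRET, the Bearer scheme in the Authorization header, and a constructed in-memory stand-in for the users table in place of User::find(). The signature and expiry are checked before sub is trusted, and the lookup is keyed on the id from the token rather than on whatever row the database happens to return first.

```php
<?php
// Added example (not from satellizer): resolve the current user from the JWT
// that the Angular client sends in the Authorization header on every request.
// Assumptions: HS256 token, shared secret JWT_SECRET, "Bearer <token>" scheme.
declare(strict_types=1);

const JWT_SECRET = 'replace-with-a-long-random-secret'; // assumption: app-wide secret

function base64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data): string {
    $len = (int) (ceil(strlen($data) / 4) * 4);
    $decoded = base64_decode(str_pad(strtr($data, '-_', '+/'), $len, '='), true);
    if ($decoded === false) {
        throw new RuntimeException('invalid base64url segment');
    }
    return $decoded;
}

// What the server issues at login: header.payload.signature, sub = user id.
function create_token(array $payload): string {
    $header = base64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body   = base64url_encode(json_encode($payload));
    $sig    = base64url_encode(hash_hmac('sha256', "$header.$body", JWT_SECRET, true));
    return "$header.$body.$sig";
}

// Verify algorithm, signature and expiry before trusting any claim.
function decode_token(string $token): array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$header, $body, $sig] = $parts;
    $hdr = json_decode(base64url_decode($header), true);
    if (!is_array($hdr) || ($hdr['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected token algorithm');
    }
    $expected = hash_hmac('sha256', "$header.$body", JWT_SECRET, true);
    if (!hash_equals($expected, base64url_decode($sig))) {
        throw new RuntimeException('bad token signature');
    }
    $payload = json_decode(base64url_decode($body), true);
    if (!is_array($payload) || !isset($payload['sub'])) {
        throw new RuntimeException('token has no sub claim');
    }
    if (isset($payload['exp']) && $payload['exp'] < time()) {
        throw new RuntimeException('token expired');
    }
    return $payload;
}

// Pull the bearer token out of the Authorization header value.
function token_from_header(string $authorization): string {
    if (!preg_match('/^Bearer\s+(\S+)$/i', trim($authorization), $m)) {
        throw new RuntimeException('missing or malformed Authorization header');
    }
    return $m[1];
}

// Constructed stand-in for the users table (in Laravel: User::find($id)).
$users = [
    1 => ['id' => 1, 'email' => 'first@example.com'],
    2 => ['id' => 2, 'email' => 'second@example.com'],
];

// Look the user up by primary key. Chaining ->first() onto the lookup, which
// is what this thread removed, would run a fresh query and hand back the first
// row of the table regardless of which account the token belongs to.
function find_user(array $users, $id): ?array {
    return $users[(int) $id] ?? null;
}

// Simulate two sign-ins from different accounts, as in the reported symptom.
foreach ([1, 2] as $id) {
    $token   = create_token(['sub' => $id, 'iat' => time(), 'exp' => time() + 3600]);
    $payload = decode_token(token_from_header("Bearer $token"));
    $user    = find_user($users, $payload['sub']);
    if ($user === null) {
        echo "sub={$payload['sub']} -> no such user (respond 401)\n";
        continue;
    }
    echo "sub={$payload['sub']} -> {$user['email']}\n";
}
```

Run with the PHP CLI; each iteration prints the e-mail of the account whose id is in sub, which is the behaviour the original poster expected. If decode_token throws, the request should be answered with 401 rather than falling back to any default user.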

sahat commented 9 years ago

Good, glad that fixed it. I just pushed a few more PHP-related changes, and over the next few days I will run through the entire code to do cleanup and refactoring and borrow some stuff from https://github.com/andrewelkins/Laravel-4-Bootstrap-Starter-Site. If I have time I will add all remaining OAuth providers that are currently only available in the Node.js example. It's better to fully take care of the PHP example before moving on to something else. Switching between different languages can be quite challenging.