Open ecampoBS opened 7 years ago
It has to do with the type of middleware, i.e. middlewares either run before the request or after the request. The middleware that runs after the request fails to execute because there was an exception during the process of controllers or anything, then that middleware won't run at all.
For refresh token it's something like this:
$response = $next($request);
which shows it simply runs after the request has executed successfully.
I'm having a harsh time trying to get the single use token flow working.
I have set up the RefreshToken middleware by adding the
'jwt.refresh' => 'Tymon\JWTAuth\Middleware\RefreshToken'
to the Kernel.php
and I'm currently receiving the refreshed token after each successful request. The problem is that on error responses (such as the one handled with the HTTPException helper class provided by Dingo Api), the token is not included in the response. I included the token in the exception response header manually, but it seems that the middleware is refreshing the token after returning the exception, thus sending the one that has already been blacklisted.
Am I doing something wrong? Or am I assuming things that I shouldn't?
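The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Laravel, Dingo or jwt-auth code: a simplified model of an "after" middleware built around `$response = $next($request);`, next to a variant that catches the exception so the single-use token is rotated exactly once on error responses too. `TokenStore`, `refreshAfter`, `refreshAlways` and the token values are hypothetical names constructed for the illustration.

```php
<?php
// Simplified model only; all names here are hypothetical.
final class TokenStore
{
    private array $blacklist = [];
    private int $counter = 0;

    public function refresh(string $old): string
    {
        if (isset($this->blacklist[$old])) {
            throw new RuntimeException("token already used: $old");
        }
        $this->blacklist[$old] = true;          // single use: the old token is now dead
        return 'tok' . (++$this->counter);
    }

    public function isValid(string $token): bool
    {
        return !isset($this->blacklist[$token]);
    }
}

// "After" middleware: if $next throws, the refresh below is never reached.
function refreshAfter(TokenStore $store, array $request, callable $next): array
{
    $response = $next($request);
    $response['token'] = $store->refresh($request['token']);
    return $response;
}

// Variant: turn the exception into a response first, then rotate once.
function refreshAlways(TokenStore $store, array $request, callable $next): array
{
    try {
        $response = $next($request);
    } catch (Throwable $e) {
        $response = ['status' => $e->getCode() ?: 500, 'error' => $e->getMessage()];
    }
    $response['token'] = $store->refresh($request['token']);
    return $response;
}

// Constructed controller that always fails, standing in for an HTTP exception.
$controller = function (array $request): array {
    throw new DomainException('not found', 404);
};
$store = new TokenStore();
$request = ['token' => 'tok0'];                 // constructed sample token

try {
    $first = refreshAfter($store, $request, $controller);
} catch (Throwable $e) {                        // outer error handler builds the response
    $first = ['status' => $e->getCode(), 'error' => $e->getMessage()];
}
var_dump(isset($first['token']), $store->isValid('tok0'));   // no token sent, tok0 not rotated

$second = refreshAlways($store, $request, $controller);
var_dump($second['token'], $store->isValid('tok0'));         // new token sent, tok0 blacklisted
```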