tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

How do we know that token is refreshable #1536

Open iqbalme opened 6 years ago

iqbalme commented 6 years ago

Hello, I am building a Laravel REST API with this jwt-auth, and I found that there is a condition where the token can be refreshed when expired and sometimes it cannot be refreshed. So, I want to ask whether there is any code to determine if the token is refreshable or not, so we can make a custom response in the exception and it is easier to use in our API apps.

Can anyone help me? @tymondesigns Thank you.

ngfizzy commented 6 years ago

It would be easier to help if you added more context to your question.

Assuming you intend to do what you described above from a controller you can do the following:

use Tymon\JWTAuth\JWTAuth;

class TokenRefreshController extends Controller {

        protected $jwt;

        // PHP constructors are named __construct (not __constructor)
        public function __construct(JWTAuth $jwt)
        {
                $this->jwt = $jwt;
        }

        public function refresh()
        {
                if (!$this->jwt->parseToken()->check()) { // token is invalid or has expired
                        return response()->json(['unauthorized'], 401);
                }

                $token = $this->jwt->parseToken()->refresh();
                return response()->json(compact('token'));
        }
}

$jwt->check() returns false when the token has expired.

You can also do the same when you are using this package as a guard.

Both JWTAuth and JWTGuard extend the JWT class, which contains the check() method.

iqbalme commented 6 years ago

I mean that, for a specific time after it has expired, the token can still be refreshed, but after a longer time it cannot be refreshed anymore, so it needs to authenticate again with login. I don't know exactly what time it is, but I tried it more than once and found that a short time after expiry it can still be refreshed, and at a slightly longer time it is no longer valid to refresh and requires logging in again.

My question is, how do we know that the token can be exchanged for a new token by refreshing it without login, in the condition where the application is still running in the background to refresh the token?
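Added example (not code from the jwt-auth project or from anyone in this thread) showing the arithmetic that decides the refresh window. The assumption behind it: jwt-auth allows refresh() only while the current time is before the token's iat claim plus config('jwt.refresh_ttl') minutes (the package's config ships with ttl = 60 and refresh_ttl = 20160 by default); past that point refresh() throws Tymon\JWTAuth\Exceptions\TokenExpiredException and the client must log in again. The helper names (tokenRefreshStatus, makeDemoToken) and the secret are invented for the demo, and the snippet reads claims without verifying the signature, so it is a pre-check for choosing a response, not a replacement for the package's own validation.

```php
<?php
// Added example, not part of jwt-auth. Assumption: a token is refreshable while
// now < iat + refresh_ttl minutes; after that refresh() fails and login is required.
// The signature is NOT verified here; let the package do that on the real request.

function base64UrlDecode(string $data): string
{
    $pad = strlen($data) % 4;
    if ($pad) {
        $data .= str_repeat('=', 4 - $pad);
    }
    return base64_decode(strtr($data, '-_', '+/'), true);
}

function base64UrlEncode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

/** Returns 'valid', 'refreshable' or 'expired' based on the exp and iat claims. */
function tokenRefreshStatus(string $jwt, int $refreshTtlMinutes, ?int $now = null): string
{
    $now = $now ?? time();
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Malformed JWT');
    }
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($claims) || !isset($claims['exp'], $claims['iat'])) {
        throw new InvalidArgumentException('Token lacks exp/iat claims');
    }
    if ($now < $claims['exp']) {
        return 'valid';        // still usable as-is, no refresh needed
    }
    if ($now < $claims['iat'] + $refreshTtlMinutes * 60) {
        return 'refreshable';  // expired, but still inside the refresh window
    }
    return 'expired';          // refresh() would throw; ask the user to log in again
}

/** Builds an HS256 token for the demo (constructed sample, not a real credential). */
function makeDemoToken(int $iat, int $ttlMinutes, string $secret): string
{
    $header  = base64UrlEncode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $payload = base64UrlEncode(json_encode([
        'sub' => 1,
        'iat' => $iat,
        'nbf' => $iat,
        'exp' => $iat + $ttlMinutes * 60,
    ]));
    $sig = base64UrlEncode(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Demo with the package's default settings: ttl = 60 minutes, refresh_ttl = 20160 minutes.
$issuedAt = 1700000000;                       // constructed issue time
$token = makeDemoToken($issuedAt, 60, 'demo-secret-not-for-production');

foreach ([
    'just issued'        => $issuedAt + 60,
    'two hours later'    => $issuedAt + 2 * 3600,
    'fifteen days later' => $issuedAt + 15 * 86400,
] as $label => $now) {
    printf("%-20s %s\n", $label, tokenRefreshStatus($token, 20160, $now));
}
```

In a controller you would call tokenRefreshStatus() with config('jwt.refresh_ttl') before attempting the refresh, and still wrap $this->jwt->parseToken()->refresh() in a try/catch for Tymon\JWTAuth\Exceptions\TokenExpiredException, since the package's own validation (which also checks the signature and blacklist) is what finally decides. Keeping refresh_ttl short bounds how long a stolen but expired token remains exchangeable for a fresh one.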