tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

Unauthorized - refresh session (token) #1658

Open ixms opened 6 years ago

ixms commented 6 years ago

Subject of the issue

I have an Angular/Laravel app on 2 domains. After something like 40 min of not sending requests to Laravel from the Angular app, Laravel returns "unauthorized", so the user session expired. Can I log the user in again with the old token from user storage instead of logging him out from Angular, and continue the request before it throws the user an error?

Your environment

Q A
Bug? no / yes
New Feature? no / yes
Framework Laravel / Lumen
Framework version 5.x.y
Package version 1.x.y
PHP version 5.x.y / 7.x.y

Steps to reproduce

Tell us how to reproduce this issue.

Expected behaviour

Instead of throwing unauthorized, it should check if the user still has the token and reuse it somehow?

Actual behaviour

Returns unauthorized

TobiasJ commented 6 years ago

You should be able to refresh the token with:

$refreshedToken = auth()->refresh();

When this does not work, check your jwt config. 'refresh_ttl' => env('JWT_REFRESH_TTL', 20160), is the default, which lets you refresh the given token within 2 weeks.

How your app determines whether to refresh the token or not is up to you. The most basic approach would be to leverage an "expires_in" upon authentication and check if the token is (almost) expired before sending requests to your backend.

Update: There seems to be an Issue (#1657) which indicates that refresh_ttl is not correctly respected.

Nischal-shrestha commented 6 years ago

Well, what I do in my app is that the Laravel route to refresh the token should be publicly accessible, and from your Angular project try to use the token and, if it returns unauthorized, then try to refresh it. If it was a valid token and it is just expired, you should get back a new token.
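
The two approaches suggested in the comments above (check "expires_in" before sending, or refresh after an unauthorized response) combined in one client-side request wrapper. This is an added example, not code from the thread or from jwt-auth; the refresh route path, the `access_token` response field and the injected fetch-like `transport` are assumptions.

```javascript
// Added example. Assumed names (not from the thread): REFRESH_URL, the
// { access_token, expires_in } response shape, and transport(url, opts),
// which behaves like fetch() and is injected so the logic can be tested offline.
const REFRESH_URL = '/api/auth/refresh'; // hypothetical route
const SKEW_SECONDS = 30;                 // refresh slightly before expiry

function isNearExpiry(expiresAtMs, nowMs, skewSeconds = SKEW_SECONDS) {
  return nowMs >= expiresAtMs - skewSeconds * 1000;
}

function createAuthClient(transport, initial, now = Date.now) {
  let token = initial.access_token;
  let expiresAt = now() + initial.expires_in * 1000;
  // Single-flight: concurrent callers share one refresh. If the server
  // invalidates the old token on refresh, a second parallel refresh would fail.
  let inflight = null;

  function refresh() {
    if (!inflight) {
      const headers = { Authorization: `Bearer ${token}` };
      inflight = transport(REFRESH_URL, { method: 'POST', headers })
        .then(async (res) => {
          // Outside the refresh window: drop the token and force a real login.
          if (!res.ok) { token = null; throw new Error('refresh rejected, log in again'); }
          const body = await res.json();
          token = body.access_token;
          expiresAt = now() + body.expires_in * 1000;
        })
        .finally(() => { inflight = null; });
    }
    return inflight;
  }

  async function request(url, opts = {}) {
    if (!token) throw new Error('not authenticated');
    if (isNearExpiry(expiresAt, now())) await refresh(); // proactive path
    const send = () => transport(url, {
      ...opts, headers: { ...opts.headers, Authorization: `Bearer ${token}` },
    });
    let res = await send();
    if (res.status === 401) { // reactive path: refresh once, retry once, never loop
      await refresh();
      res = await send();
    }
    return res;
  }

  return { request, getToken: () => token };
}
```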