tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

A refresh token is used only once #2205

Open moxesh-gandhi opened 1 year ago

moxesh-gandhi commented 1 year ago

How to refresh token again on a refresh token

Suppose my token TTL is 1 day & refresh token TTL is 2 days.

Now the case is that I generate a token on the 1st day and it works absolutely fine on the 1st day. Now on the 2nd day the token is expired and we generate a refresh token, and that refresh token also works perfectly fine. Now on the 3rd day the refresh token is expired and we are trying to generate a refresh token again from the 2nd day's refresh token, and we are unable to refresh it again.

So how do we refresh a token on the old refresh token?

The current solution is that we are prompting the user with a login form, asking for his/her credentials to generate a new token. Now we have to stop prompting users because it's a bad way & bad user experience. And we don't need to change the token TTL and refresh token TTL time.

Your environment

| Q | A |
| --- | --- |
| Bug? | No |
| New Feature? | Yes |
| Framework | Laravel |
| Framework version | 5.4 (or any version 8.75) |
| Package version | 0.5.12 (or any version 1.0.2) |
| PHP version | 7.4.3 (or any version 8.0.0) |

Steps to reproduce

Refresh the refresh token again.

Expected behaviour

Need to refresh token on old refresh token. If refresh token is timed out then it will behave normally.

Actual behaviour

The refresh token was not refreshed again & it's expired.

osamabelal commented 1 year ago

You can try increasing the time span of the refresh token, and removing the refresh token from the stack when the user logs out.

mira-thakkar commented 1 year ago

How are you able to refresh the token the first time from the expired token, as I am getting a 401 error on the refresh API the first time?
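
The timeline from the question, as an added example that is not part of the thread and is not jwt-auth's own code. It is a simplified model that assumes the refresh window is counted from the original token's `iat`, that every refreshed token keeps that `iat`, and that a token is blacklisted once it has been used for a refresh; all function and variable names are hypothetical.

```php
<?php
// Simplified model, NOT jwt-auth code. Assumption: the refresh window is
// measured from the ORIGINAL iat, which is carried into each refreshed token.
const DAY = 86400;

function issueToken(int $now, int $ttl, ?int $iat = null): array
{
    return ['jti' => bin2hex(random_bytes(8)), 'iat' => $iat ?? $now, 'exp' => $now + $ttl];
}

function refreshToken(array $token, int $now, int $ttl, int $refreshTtl, array &$blacklist): array
{
    if (isset($blacklist[$token['jti']])) {
        throw new RuntimeException('token already used for a refresh (blacklisted)');
    }
    if ($now > $token['iat'] + $refreshTtl) {
        throw new RuntimeException('refresh window closed, re-authentication required');
    }
    $blacklist[$token['jti']] = true;             // the old token becomes single-use
    return issueToken($now, $ttl, $token['iat']); // exp moves forward, iat does not
}

// Constructed timeline: seconds since the first login, values from the question.
$ttl = 1 * DAY;
$refreshTtl = 2 * DAY;
$blacklist = [];
$first = issueToken(0, $ttl);

// Day 2: the access token has expired but is still inside the refresh window.
$second = refreshToken($first, DAY + 3600, $ttl, $refreshTtl, $blacklist);
echo "day 2: refreshed, new exp = {$second['exp']}, iat still {$second['iat']}\n";

// Replaying the day-1 token: rejected because it is blacklisted.
try {
    refreshToken($first, DAY + 7200, $ttl, $refreshTtl, $blacklist);
} catch (RuntimeException $e) {
    echo "replay: {$e->getMessage()}\n";
}

// Day 3: the day-2 token is expired AND iat + refresh TTL has passed.
try {
    refreshToken($second, 2 * DAY + 3600, $ttl, $refreshTtl, $blacklist);
} catch (RuntimeException $e) {
    echo "day 3: {$e->getMessage()}\n";
}
```

Under this model a refresh never extends the window itself, so the refresh TTL bounds how long a leaked token can be kept alive without credentials; raising it, as suggested in the first reply, is what lengthens the period before a login is required.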