tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.23k stars 1.55k forks

Fix for issue #2209 | #2157 | #2205 | #2056 | #2116 #2219

Open MohammadMehrabani opened 1 year ago

MohammadMehrabani commented 1 year ago

I can refresh a non-expired token normally, but when I try to refresh an expired token, I get a 401 response with the message "Unauthenticated", even if the token is within the allowed refresh time. Fixed #2209 | #2157 | #2205 | #2056 | #2116 with:

    $this->middleware('auth:api', ['except' => ['login', 'refresh']]);

maoxuner commented 10 months ago

https://github.com/tymondesigns/jwt-auth/blob/44982a70d0552cf408f7e6110d6e419cfac59f13/docs/quick-start.md?plain=1#L174

Tymon\JWTAuth\Exceptions\JWTException should be handled, or it will result in an internal server exception when the token is invalid (not provided / blacklisted / out of refresh time / ...)

An example is:

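    public function refresh()
    {
        try {
            // refresh() throws a JWTException when the token is not provided,
            // blacklisted or out of refresh time.
            return $this->respondWithToken(auth()->refresh());
        } catch (\Tymon\JWTAuth\Exceptions\JWTException $exception) {
            // Rethrow as Laravel's AuthenticationException so the failure is
            // reported as an authentication error, not an unhandled exception.
            throw new \Illuminate\Auth\AuthenticationException($exception->getMessage());
        }
    }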
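
The two time checks discussed in this thread, as an added example that is not code from the pull request or from jwt-auth: a simplified model of why an expired token is rejected when `refresh` sits behind the auth guard, and why a refresh failure should still map to 401. It assumes the refresh window is measured from the `iat` claim; the function names, the TTL values and the sample token are constructed for illustration.

```php
<?php
// Simplified model (added example, not jwt-auth code) of the two time checks
// discussed in this thread. Claim names follow RFC 7519 (iat, exp).

const TTL_MINUTES = 60;            // assumed value for the `ttl` setting
const REFRESH_TTL_MINUTES = 20160; // assumed value for the `refresh_ttl` setting

// What a guard on the route effectively enforces: the token must not be expired.
function passesAuthGuard(array $claims, int $now): bool
{
    return $now < $claims['exp'];
}

// What refresh needs: the token was issued within the refresh window.
function withinRefreshWindow(array $claims, int $now): bool
{
    return $now < $claims['iat'] + REFRESH_TTL_MINUTES * 60;
}

// Returns the HTTP status the client would see when calling the refresh route.
function refreshStatus(array $claims, int $now, bool $routeBehindAuthGuard): int
{
    if ($routeBehindAuthGuard && !passesAuthGuard($claims, $now)) {
        return 401; // rejected before the controller method runs
    }
    if (!withinRefreshWindow($claims, $now)) {
        return 401; // refresh failure mapped to 401 instead of surfacing as a 500
    }
    return 200;
}

// Constructed sample token issued at t = 0 (times in seconds).
$claims = ['iat' => 0, 'exp' => TTL_MINUTES * 60];
$cases = [
    'valid token'             => 30 * 60,
    'expired, inside window'  => 2 * 3600,
    'expired, outside window' => 15 * 86400,
];
foreach ($cases as $label => $now) {
    printf("%-24s guarded=%d unguarded=%d\n", $label,
        refreshStatus($claims, $now, true), refreshStatus($claims, $now, false));
}
```

Only the middle case differs between the guarded and unguarded route, which is the situation the pull request addresses.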