usefulteam / jwt-auth

WordPress JSON Web Token Authentication
https://wordpress.org/plugins/jwt-auth/
124 stars 50 forks source link

Refresh token is obsolete error received when both login credentials and refresh token cookie is provided #128

Closed dominic-ks closed 1 month ago

dominic-ks commented 3 months ago

This was initially reported on WordPress.org:

In short, if a request is sent to the /token endpoint with both login credentials in the request body and a refresh token cookie, the above error is returned.

It's been reported that in at least some front end environments, cookies are sent automatically and therefore need to be cleared in order to make a successful call.

It's been suggested that the handling be changed so that if login credentials are provided, then the refresh cookie is ignored, and so is treated like a normal login request.

dominic-ks commented 1 month ago

Closing as a duplicate of https://github.com/usefulteam/jwt-auth/issues/127