usefulteam / jwt-auth

WordPress JSON Web Token Authentication
https://wordpress.org/plugins/jwt-auth/

Feature/refresh #19

Closed agusmathew closed 2 years ago

agusmathew commented 3 years ago

This change adds a token refresh feature to the plugin. Added a REST route for token refresh. The refresh_token method validates the token and generates a new token for the user.

contactjavas commented 3 years ago

Hi @kwisatz, I think we should follow WPCS for the PHP part, including the indentation part. So it should remain tabs instead of spaces.

ExoGeek commented 3 years ago

@agusmathew Really great job! If I understand correctly, we can renew and revoke a token... Am I right?

When do you think this feature will be tested and merged into the core project?

kwisatz commented 3 years ago

Hi @contactjavas

> Can we revert these changes @kwisatz? Let's stick with WPCS by using tabs instead of spaces

I left this up to @agusmathew. Personally, I'm not willing to work with WPCS, I'll say that straight out. I'd rather not have this merged then.

If @agusmathew is up to it and willing to maintain it, he'll let you know or push a new commit that respects WPCS.

agusmathew commented 3 years ago

@ExoGeek The JWT tokens cannot be revoked. This feature gives you a new token with a greater expiry date. We added this feature to ensure that regular users won't get logged out due to token expiry. I will push a new commit soon.

pesseba commented 3 years ago

> @ExoGeek The JWT tokens cannot be revoked....

@agusmathew tokens can be revoked when the user updates the password, or when token generation uses the 'device' parameter and the user removes connected devices in your profile admin panel.

As for the refresh feature, I believe it is just a way to generate a new token (with a new deadline) using a valid token, am I right? So, please make sure the device feature still works with the refresh token.

ExoGeek commented 3 years ago

> @agusmathew tokens can be revoked when user updates the password or when token generation uses 'device' parameter [...]

Great! The ability to revoke a JWT token is very much needed in case of a user hack. Is this feature already implemented in the current release of the plugin?

pesseba commented 3 years ago

@ExoGeek yes! The revoke feature is already working with a password change in the user profile or a password reset. If some other plugin or theme changes the password programmatically, the token may not be revoked. This feature uses these WP filters: 'profile_update' and 'after_password_reset'.
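An added example, not part of the thread and not the plugin's code: a minimal sketch of the concern raised above, that a refresh endpoint must re-check revocation state (password change, device removal) before re-issuing a token. The claim names `uid`, `dev` and `ver`, the `SECRET` and `TTL` constants and the `$users` store are all assumptions made for illustration.

```php
<?php
// Added sketch, not the jwt-auth plugin's code. Claim names (uid, dev, ver),
// SECRET, TTL and the $users store are assumptions made for this example.
const SECRET = 'constructed-demo-secret';
const TTL = 3600;

function b64u(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function sign_token(array $claims): string {
    $head = b64u(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64u(json_encode($claims));
    return "$head.$body." . b64u(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Returns the claims, or null when signature, expiry or revocation state fails.
function validate_token(string $jwt, array $users, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64u(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;
    $c = json_decode((string) base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($c) || !isset($c['uid'], $c['dev'], $c['ver'], $c['exp'])) return null;
    if ($c['exp'] <= $now) return null;
    $u = $users[$c['uid']] ?? null;
    // 'ver' is bumped on password change; 'devices' shrinks when one is removed.
    if ($u === null || $u['ver'] !== $c['ver']) return null;
    if (!in_array($c['dev'], $u['devices'], true)) return null;
    return $c;
}

// Refresh runs the full validation, then re-issues with the same dev/ver.
function refresh_token(string $jwt, array $users, int $now): ?string {
    $c = validate_token($jwt, $users, $now);
    if ($c === null) return null;
    $c['exp'] = $now + TTL;
    return sign_token($c);
}

// Constructed sample data.
$users = [7 => ['ver' => 1, 'devices' => ['phone']]];
$now = 1700000000;
$old = sign_token(['uid' => 7, 'dev' => 'phone', 'ver' => 1, 'exp' => $now + 60]);
$new = refresh_token($old, $users, $now);
var_dump(is_string($new));                     // refresh of a live token
$users[7]['devices'] = [];                     // simulated device removal
var_dump(refresh_token($new, $users, $now));   // refresh after the device is gone
$users[7]['ver']++;                            // simulated password change
var_dump(refresh_token($old, $users, $now));   // refresh after the stamp moved on
```

In this sketch, refreshing does not invalidate the old token: it stays usable until its own `exp` unless the user's revocation state changes.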

contactjavas commented 3 years ago

Hi friends! Are we going to continue this PR? We have another PR (#33) for the refresh token feature. Or, are we going to focus on that one? If so, is it ok to close this one so we can focus the effort?

Thanks for your effort @agusmathew! Also thanks @kwisatz, @ExoGeek, @pesseba!

kwisatz commented 3 years ago

Happy to drop this PR in favor of the alternative.