Add possibility to refresh expired access token
Bilanuk opened this issue · comments
Problem:
If the access JWT token has expired, we can't refresh the token anymore. So there is no point in making the refresh token with a much longer lifespan.
My idea:
How about just using refresh token? I think there is no point in blacklisting them then.
My code example:
Bilanuk@b66920d
@Bilanuk We can refresh expired access token using a valid refresh token (Ref: https://github.com/Gokul595/api_guard#refresh-access-token). Do you have custom routes for refreshing token? Can you share your routes.rb file code?
Here is my routes:
Rails.application.routes.draw do
  scope :api, defaults: {format: :json} do
    scope :auth do
      api_guard_routes for: "users", controller: {
        registration: "users/registration",
        authentication: "users/authentication",
        passwords: "users/passwords",
        tokens: "users/tokens"
      }
    end
    get "/user-info", to: "users#show" # just for test purpose
  end
end
But in tokens#create we do have before_action :authenticate_resource that triggers jwt access_token decoding. But since our token is expired we can't decode it and get 401 response.
I did all the steps for configuring refresh tokens from the Readme, but I still don't understand the part about the expired access token.
Or maybe I am doing something wrong?
There is a condition to skip validating the expiry when refreshing the token (Ref: https://github.com/Gokul595/api_guard/blob/master/lib/api_guard/jwt_auth/authentication.rb#L44). Maybe the controller_name didn't return the expected value there due to customisation. Can you please share the users/tokens controller code for my reference to debug?
Thanks! I did the debugging myself and now the refreshing logic seems to be working correctly with an expired access token. Guess it was a naming problem in my controller or something, so it was trying to verify the expired JWT token.
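
The behaviour discussed in this thread, as an added stand-alone sketch (not api_guard's code and not posted by either participant): the signature is always verified, the `exp` check is skipped only when the request reaches the refresh controller, and the refresh token still has to match the user. The secret, the token store, the method names and the controller name `"tokens"` are assumptions made for the example.

```ruby
require "openssl"
require "json"

SECRET = "constructed-demo-secret"               # constructed for this example
REFRESH_TOKENS = { "rt-constructed-123" => 42 }  # constructed store: refresh token => user id
REFRESH_CONTROLLER = "tokens"                    # assumed name of the refreshing controller

class TokenError < StandardError; end

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def sign(input)
  b64url(OpenSSL::HMAC.digest("SHA256", SECRET, input))
end

# Build an HS256 JWT: header.payload.signature
def encode_jwt(payload)
  input = "#{b64url({ alg: 'HS256', typ: 'JWT' }.to_json)}.#{b64url(payload.to_json)}"
  "#{input}.#{sign(input)}"
end

# The signature is always checked; only the `exp` check can be switched off.
def decode_jwt(token, verify_expiry:, now:)
  header, payload, sig = token.to_s.split(".")
  raise TokenError, "malformed token" unless header && payload && sig
  raise TokenError, "bad signature" unless OpenSSL.secure_compare(sign("#{header}.#{payload}"), sig)
  claims = JSON.parse(payload.tr("-_", "+/").unpack1("m"))
  raise TokenError, "expired" if verify_expiry && claims["exp"].to_i <= now
  claims
end

# Hypothetical before_action: expiry is skipped only for the refresh controller.
def authenticate(token, controller_name:, now: Time.now.to_i)
  decode_jwt(token, verify_expiry: controller_name != REFRESH_CONTROLLER, now: now)
end

# Refresh: the expired access token only identifies the user; the refresh
# token must exist in the store and belong to that same user.
def refresh(access_token, refresh_token, controller_name: REFRESH_CONTROLLER, now: Time.now.to_i)
  claims = authenticate(access_token, controller_name: controller_name, now: now)
  owner = REFRESH_TOKENS[refresh_token]
  raise TokenError, "invalid refresh token" unless owner && owner == claims["user_id"]
  encode_jwt({ "user_id" => owner, "exp" => now + 300 })
end
```

If the controller name seen by the check differs from the expected one, the expired token is rejected before the refresh token is ever looked at, which matches the 401 described above.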