refresh_expiration not returned by /token/refresh endpoint in spite of update to cookie when 'JWT_AUTH_RETURN_EXPIRATION': True and 'JWT_AUTH_HTTPONLY': True
Routhinator opened this issue
With the following settings:
'USE_JWT': True,
'JWT_AUTH_COOKIE': 'site-access-token',
'JWT_AUTH_REFRESH_COOKIE': 'site-refresh-token',
'JWT_AUTH_HTTPONLY': True,
'JWT_AUTH_RETURN_EXPIRATION': True,
The refresh_expiration time is not returned when the /token/refresh/ endpoint is hit even though the refresh token expiration is updated in the HTTPONLY cookie. It is returned from the login endpoint however.
Without the return from the refresh endpoint, a JavaScript client can only see the access_expiration. For now I am calculating the refresh_expiration by adding 23 hours and 59 minutes to the access_expiration as a workaround, but it would be ideal to have this returned to avoid having to calculate it.
I'm not sure what I had going on in local, but on an actual deployment I'm not seeing the refresh token updated, and I also see the code would return the expiration if it was being set - closing this as something being off with my testing.