gin-jwt: Cannot refresh expired token, even if within MaxRefresh time

Hi,

I think that commit 59e38b5726b67025f50358879913a3a4b1a27901 (from PR #165) has introduced a change in behaviour.

Previously, the RefreshHandler would refresh an expired token, as long as it was within the MaxRefresh time.

Now, trying to refresh an expired token will always fail. This is because CheckIfTokenExpire() calls mw.ParseToken(), which calls jwt.Parse(). That library function will return an error if the token has expired (regardless of the MaxRefresh time).

Before the commit, the code ignored all errors from mw.ParseToken(): token, _ := mw.ParseToken(c). Now, it returns the error no matter what it was. I think that CheckIfTokenExpire() needs to explicitly check if the error returned by mw.ParseToken() if that the token has expired, so we can then go on to check the MaxRefresh time too.

Thanks

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 19 (17 by maintainers)

Commits related to this issue

Most upvoted comments

Hi @appleboy , please can you validate @fatihkahveci’s PR?

Thanks

+1
oadk on Nov 25, 2018
Read more comments on GitHub
← drone-ssh: ssh: handshake failed
gin-jwt: Vendor Gin conflict →