jwt-auth: JWT Refresh - old token not expiring
Hi, in my Laravel 5.3 project, I have written my own middleware to check authentication and a controller function to get a refresh token (whenever we call it). But recently I found the old token is not expiring even after the new token is generated. Please see my code below:
Middleware:
```php
<?php
namespace App\Http\Middleware;

use Closure;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
// Needed so the TokenInvalidException catch below resolves to the jwt-auth class
use Tymon\JWTAuth\Exceptions\TokenInvalidException;

class JWTCustomAuth
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        try {
            // Parse the token from the request and load the matching user
            if (! $user = JWTAuth::parseToken()->authenticate()) {
                return response()->json([
                    'status' => 'FAILURE',
                    'msg' => 'User not found',
                    'data' => [],
                ], 404);
            }
        } catch (TokenExpiredException $e) {
            return response()->json([
                'status' => 'FAILURE',
                'msg' => 'Token expired',
                'data' => [],
            ], $e->getStatusCode());
        } catch (TokenInvalidException $e) {
            return response()->json([
                'status' => 'FAILURE',
                'msg' => 'Token invalid',
                'data' => [],
            ], $e->getStatusCode());
        } catch (JWTException $e) {
            return response()->json([
                'status' => 'FAILURE',
                'msg' => 'Token absent',
                'data' => [],
            ], $e->getStatusCode());
        }

        return $next($request);
    }
}
```
I have written a function in my controller to manually refresh the token whenever required. Please see the code:
```php
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;

// Controller method (the class declaration is not shown in the post)
public function refreshToken()
{
    $token = JWTAuth::getToken();
    if (!$token) {
        return response()->json([
            'status' => 'FAILURE',
            'msg' => 'Token not provided',
        ], 400);
    }

    try {
        // Issue a new token from the one presented on this request
        $newToken = JWTAuth::refresh($token);
    } catch (TokenExpiredException $e) {
        return response()->json([
            'status' => 'FAILURE',
            'msg' => 'Token is expired',
        ], 400);
    } catch (JWTException $e) {
        return response()->json([
            'status' => 'FAILURE',
            'msg' => 'Token is invalid',
        ], 400);
    }

    return response()->json([
        'status' => 'SUCCESS',
        'msg' => 'New token created successfully',
        'data' => [
            'token' => $newToken,
        ]
    ]);
}
```
Everything works fine, but the old token is still valid even after the new token is generated. I haven’t changed anything in the JWT/config.php. But I have changed the .env file’s CACHE_DRIVER = array for another requirement (Entrust Acl). But I have reverted and checked this. But the problem remains there. Please share your ideas regarding this. Thank you, Harinarayanan T
About this issue
- State: closed
- Created 7 years ago
- Reactions: 6
- Comments: 18 (3 by maintainers)
@phpnets @newkillerbeast2017 I just had the same problem but finally worked it out.
Change the cache driver to file, and you need to restart “php artisan serve” to make it listen again. Then you’ll be able to invalidate the token.
However, the “Entrust” package requires “tagging” and makes the cache driver array.
So the solution is to choose a different version of Entrust.
Change your composer as follows:
```
"zizaco/entrust": "dev-master#6a0fd8c3b73037b4855c6c4eaf1060788c0df1e9"
```
You’ll be able to have a version that works well with the file cache driver.
I’m using the 1.0.0-rc.2 version with Laravel 5.4 and CACHE_DRIVER is on file. The issue still exists. @tymondesigns would you please check it out?
You cannot use the array driver to blacklist tokens and expect the token to remain blacklisted across requests. It has no persistence, by definition.
@darrynten It was an issue, until it was fixed and closed. The only issue that is left here is that people are not using a persistent cache driver.
issue not solved yet @tymondesigns (plz don’t close !)
I’m on the 1.0.0-rc.2 version (caching in file “CACHE_DRIVER=file”) and the bug still exists!
This should now be resolved as per recent fixes. Thanks guys.