Add an endpoint for refreshing tokens #109
Comments
|
I created the endpoint in a new local branch. If the current token is expired it returns 401, if not it returns a new token. I can create a PR for you to review, I think i would need your permission to push ? :-) Thanks Jose |
|
@jmdopereiro Sorry for that late answer! Just create a pull request so that I can review and merge it. |
|
Hi Stephan, I have created a local branch and committed the changes to it, but when I try to push it (not sure I can create the PR without pushing first my branch) I get a 403.
|
|
Ah, OK. The normal way is to fork this project, create a new branch on your forked project and then create a PR. Could you try that? |
|
yeap ok, I did it, what do you think ? |
|
I saw it, looks good so far. One thing, did you check, that I fails, if the token you want to refresh is too old? I can't test it myself right now. It shouldn't be possible to refresh a token, that is too old. |
|
That's right (sorry I had some troubles with my browser cache). I just retested, decreased the token-validity-in-seconds to 120 and then waited 2 minutes, the new token api is protected as the rest by the JWTFilter so when the current token is expired it doesn't refresh the token but returns 401. Here you have a postman screenshot and the application logs.
|
There should be an endpoint to refresh tokens before they expire. You should get a new token. Tokens which are expired should be decline.
The text was updated successfully, but these errors were encountered: