Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
JWT Forever Token Code Doesn't Match Docs #32
In the code docs this is written:
In the documents here: http://wiki.dreamfactory.com/DreamFactory/Tutorials/Forever_sessions
I think the code docs are correct because
// Checks for token validity - Expired TTL, Expired Refresh TTL, Blacklisted. JWTAuth::checkOrFail();
I imagine most people get around this by setting a huge refresh TTL.
Thanks for the fast response. Can you confirm why DF creates an entirely new token when a token is refreshed? With the old documentation it would make sense to make a new token, but with the updated explanation I think you can just call
DreamFactory uses this third party JWT library - https://github.com/tymondesigns/jwt-auth. The earlier versions of this library supported the forever session the way you found it on our wiki. They tighten up few things in the newer version and no longer support forever session in that manner. Check out the 'Refresh time to live' section on their documentation at https://github.com/tymondesigns/jwt-auth/wiki/Configuration for more clarification.
This is why just calling