logout and invalidate simply won't work #1972
Comments
Yeah, I also encountered this issue. For login: `JWTAuth::attempt($credentials)`; for logout: `JWTAuth::invalidate();`; for refresh token: `$token = JWTAuth::refresh();`
"A token is required". I am working with Lumen 7.x.
Sorry, my bad, I forgot to send the token.
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
This issue is still relevant, even on dev-develop. Any ideas for a solution?
I found something related to this with this function:

```php
# tymon/jwt-auth/src/Blacklist.php
# ...
/**
 * Get the number of minutes until the token expiry.
 *
 * @param  \Tymon\JWTAuth\Payload  $payload
 * @return int
 */
protected function getMinutesUntilExpired(Payload $payload)
{
    $exp = Utils::timestamp($payload['exp']);
    $iat = Utils::timestamp($payload['iat']);

    // get the latter of the two expiration dates and find
    // the number of minutes until the expiration date,
    // plus 1 minute to avoid overlap
    return $exp->max($iat->addMinutes($this->refreshTTL))->addMinute()->diffInRealMinutes();
}
# ...
```

The base implementation is using the

```php
return $exp->max($iat->addMinutes($this->refreshTTL))->addMinute()->diffInRealMinutes();
# >>> -20152.975287983
```

Is returning a negative value. This is expected, as per the Carbon documentation. And looking at the Is this expected? [Edit] If I get the absolute value of the returned
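The arithmetic from the comment above, as an added example (not code from jwt-auth or from the commenter): plain PHP without Carbon, showing how a signed "minutes until expiry" goes negative for a deadline in the future, and what that does to a store that only keeps entries with a positive TTL. `ToyBlacklistStore`, the helper names, the sample claims and the 20160-minute refresh TTL are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/** Later of exp and iat + refresh TTL, plus one minute (same rule as getMinutesUntilExpired()). */
function blacklistDeadline(array $payload, int $refreshTtlMinutes): int
{
    return max($payload['exp'], $payload['iat'] + $refreshTtlMinutes * 60) + 60;
}

/** Signed difference "now minus target" in minutes: negative while target is still in the future. */
function signedMinutes(int $target, int $now): float
{
    return ($now - $target) / 60;
}

/** Hypothetical in-memory blacklist that keeps an entry only when its TTL is positive. */
final class ToyBlacklistStore
{
    private array $expiresAt = [];

    public function add(string $jti, float $minutes, int $now): bool
    {
        if ($minutes <= 0) {              // non-positive TTL: nothing is kept
            unset($this->expiresAt[$jti]);
            return false;
        }
        $this->expiresAt[$jti] = $now + (int) ceil($minutes * 60);
        return true;
    }

    public function has(string $jti, int $now): bool
    {
        return isset($this->expiresAt[$jti]) && $this->expiresAt[$jti] > $now;
    }
}

// Constructed sample: token issued one hour ago, expiring in one hour.
$now     = time();
$payload = ['jti' => 'constructed-jti-1', 'iat' => $now - 3600, 'exp' => $now + 3600];
$signed  = signedMinutes(blacklistDeadline($payload, 20160), $now); // 20160 = assumed refresh TTL

$store = new ToyBlacklistStore();
foreach (['signed' => $signed, 'absolute' => abs($signed)] as $label => $ttl) {
    $store->add($payload['jti'], $ttl, $now);
    printf("%-8s ttl=%10.1f min  blacklisted=%s\n", $label, $ttl,
        $store->has($payload['jti'], $now) ? 'yes' : 'no');
}
```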
Subject of the issue
Hi,
As the title said, logout and invalidate does not work. The blacklisting is on but JWT does not record any token as blacklisted at all.
Your environment
Steps to reproduce
- `attempt` to generate a token.
- `auth()->logout()` or `auth->logout(true)` to invalidate a token.
- `auth()->check()` on invalidated token and it returns `true`
Expected behaviour
An invalidated token should not be valid.
Actual behaviour
The invalidated token is valid. Also noting that my cache is Redis, and it stores sessions and queue jobs etc. ... but there are no JWT sets. Also no blacklist in any files governed by other storage drivers.