How to refresh jwt token without user?

M

Michail2017-06-02 00:13:26

JSON Web Token

Michail, 2017-06-02 00:13:26

You need to update the token after the previous one is out of date.
I am using jwt-auth to generate a token in laravel.
As I understand it, to update the token in this library there is a Middleware that returns a new token in the http header.
I made the following router on the server:

Route::get('/refresh',['middleware' => ['jwt.auth','jwt.refresh'],'uses'=>'[email protected]']);

I send an ajax request to the client:

get('/api/admin/showusers?token=' + Auth.state.api_token)
    .then((res) =>{
        if(res.data.users){             
              this.users = res.data.users;
        }
    })
    .catch((err) =>{
        if(err.response.status == 401){
            get('/api/refresh?token=' + Auth.state.api_token)
                    .then((res) =>{
                       console.log(res.response)
                    })
                    .catch((err) =>{
                       console.log(err.response)
                    })
             }        
        })
}
}

That is, I catch 401 and do ajax to update the token, but I always catch an authorization error 401 (Unauthorized).
I understand that he does not give me an answer because of jwt.auth, but if you do not check authorization, then anyone can reset the token. I really don't know how to do it :(

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

E

Evgeny Kulakov, 2017-06-02
@Michail_04

You are trying to refresh using a token that is no longer valid, so it makes sense that you are not getting one. Accordingly, when your token flies to you, you first need to re-authorize and get a new token. Or do a refresh before the token becomes invalid.