Comments (3)
I like the idea of having a way of refreshing the token. I haven't seen anything about it in the JWT RFC, but it might be worth implementing.
Currently, the method that checks token validity is JWS::isValid from the namshi jose library, which checks both token integrity and expiration. Removing the exp key (using the JWTCreatedEvent) from the token should bypass that problem.
In the next release, we could make the token expiration check optional, globally or on a specific firewall, along with a refresh mechanism.
from lexikjwtauthenticationbundle.
Instead of removing the 'exp' key, which is something that you don't want removed as every JWT token should ideally have it, I have extended JWTEncoder and added the following function to it.
```php
/**
 * @param string $token The token string
 *
 * @return array|bool
 */
public function decodeIgnoreExpired($token)
{
    try {
        /** @var JWS $jws */
        $jws = JWS::load($token);
    } catch (\InvalidArgumentException $e) {
        // The string could not be parsed as a JWS
        return false;
    }

    // Signature check only: unlike isValid(), verify() does not look at 'exp'
    if (!$jws->verify($this->getPublicKey())) {
        return false;
    }

    return $jws->getPayload();
}
```
This only verifies integrity and ignores expiration.
Also, since there's no RFC for implementing refresh, I believe you should leave it out of your bundle for a while... but make it possible for somebody to implement the refresh endpoint of their own accord. (I had to do quite a bit of overriding to implement a refresh token endpoint.)
from lexikjwtauthenticationbundle.
Good! You're right, I don't think refresh should be implemented directly in the bundle. A simple recipe in the documentation should suffice. You're welcome to share your experience :)
from lexikjwtauthenticationbundle.
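The integrity-only decode discussed in this thread, as an added stand-alone example that accepts an expired token for refresh only within a grace window, so a signed token cannot be refreshed indefinitely. This is not code from the bundle or from the commenters: it uses HS256 with a constructed secret instead of the bundle's key pair and namshi/jose, and the function names and the grace window are assumptions.

```php
<?php
// Added example. HS256, the secret and the grace window are assumptions.

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64url_decode(string $s): string
{
    $s = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return (string) base64_decode(strtr($s, '-_', '+/'), true);
}

// Returns the payload array, or false if the token may not be refreshed.
function decode_for_refresh(string $token, string $secret, int $now, int $graceSeconds)
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$h, $p, $sig] = $parts;
    // Pin the algorithm instead of trusting whatever the header asks for.
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return false;
    }
    // Integrity first, compared in constant time.
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) {
        return false;
    }
    // 'exp' stays mandatory; it is only tolerated up to the grace window.
    $payload = json_decode(b64url_decode($p), true);
    if (!is_array($payload) || !is_int($payload['exp'] ?? null)) {
        return false;
    }
    return $now <= $payload['exp'] + $graceSeconds ? $payload : false;
}

// Constructed sample tokens, signed with a constructed secret.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$make = function (array $claims) use ($secret): string {
    $h = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $p = b64url_encode(json_encode($claims));
    return "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
};
var_dump(decode_for_refresh($make(['exp' => $now - 60]), $secret, $now, 3600));    // expired a minute ago
var_dump(decode_for_refresh($make(['exp' => $now - 86400]), $secret, $now, 3600)); // expired a day ago
var_dump(decode_for_refresh($make(['exp' => $now + 60]) . 'x', $secret, $now, 3600)); // altered signature
```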