Comments (11)
No that bundle does not extend the lifetime of the token.
It adds a flow to issue new tokens with user interaction.
When the bundle is installed and configured, your client will receive 2 tokens:
- the token you already receive and that you use for your API calls,
- a refresh token to issue new tokens.
At the moment, your client acts as below:
- Your client calls the API,
- The call is rejected because the token expired,
- Your client redirects the user to the login page and gets a new access token,
- Your client calls the API and is granted.
With the refresh token enabled, step 3 becomes: your client calls the refresh token endpoint and gets a new access token.
from lexikjwtauthenticationbundle.
It could work, you can change the ttl too, or configure your client application to ask for a new token periodically.
For the token invalidation, look at this cookbook entry and the IP flag examples, you should be able to customize the token validation by using the `Events::JWT_CREATED` and `Events::JWT_DECODED` events.
For example, you could configure an application wide key or hash, add it to the token payload and change it when you want to invalidate every token in the application.
If you just want to invalidate a specific user, store a user key directly in the user entity and change it when needed.
from lexikjwtauthenticationbundle.
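The application-wide key approach suggested in the comment above, sketched as an event subscriber. This is an added example, not code from the thread or from the bundle; the class name, the `app_epoch` claim and the `$appEpoch` constructor argument are assumptions, and it needs PHP 8 for the promoted constructor property.

```php
<?php
// Added example: invalidate every issued token by rotating one application-wide value.
namespace App\EventListener;

use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTDecodedEvent;
use Lexik\Bundle\JWTAuthenticationBundle\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

final class TokenEpochSubscriber implements EventSubscriberInterface
{
    // Hypothetical claim name. The payload is signed, not encrypted, so the
    // client can read this value: it is a revocation marker, not a secret.
    private const CLAIM = 'app_epoch';

    // $appEpoch is an assumed container parameter bound to this service.
    // Changing it makes every previously issued token fail validation.
    public function __construct(private string $appEpoch)
    {
    }

    public static function getSubscribedEvents(): array
    {
        return [
            Events::JWT_CREATED => 'onCreated',
            Events::JWT_DECODED => 'onDecoded',
        ];
    }

    // Stamp the current value into the payload before the token is signed.
    public function onCreated(JWTCreatedEvent $event): void
    {
        $payload = $event->getData();
        $payload[self::CLAIM] = $this->appEpoch;
        $event->setData($payload);
    }

    // Reject tokens whose claim is missing or was issued under an older value.
    public function onDecoded(JWTDecodedEvent $event): void
    {
        $claim = $event->getPayload()[self::CLAIM] ?? null;
        if (!is_string($claim) || !hash_equals($this->appEpoch, $claim)) {
            $event->markAsInvalid();
        }
    }
}
```

For the per-user case, the same comparison would use a value read from the user entity instead of the shared parameter.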
Hi,
The token is only generated after the form login, there is no concept of "refreshing" or "renewing" in JWT. The TTL is part of the signature so you cannot update it without invalidating the token.
Once the token has expired you must generate a new one, either by asking for the user credentials or programmatically.
Regards.
from lexikjwtauthenticationbundle.
@slashfan Thanks.
I saw that I can create new one with create method from JWTManager.
But how can I generate a new token programmatically when it has expired? Because if the token is expired I don't know if it is correct...
Thanks
from lexikjwtauthenticationbundle.
Hi, the only way I can think of would be to bypass the expiration checking, but I wouldn't recommend it.
from lexikjwtauthenticationbundle.
OK, then I'm thinking of generating a new token every x time, and always returning the token in every request.
Is there some method to remove the old token?
Thanks
from lexikjwtauthenticationbundle.
Hi, I'm having trouble with the token validity.
I'm using the default `token_ttl` value, but users have to re-connect too often.
Can the nelmio_cors "max_age" parameter interfere with the ttl_value and result in such an issue?
Any idea?
Thx
from lexikjwtauthenticationbundle.
The CORS will not help you in this case. When a token expires you have to issue a new one.
Using the gesdinet/JWTRefreshTokenBundle, your client will be able to renew a token with a refresh token.
from lexikjwtauthenticationbundle.
Thank you for the reactivity.
You mean that I need to install a whole other bundle just in order to make the token last longer?
I must be missing something :(
from lexikjwtauthenticationbundle.
@stphane What about first setting the `token_ttl` with a greater value than the default one? Then, if you really need a refresh token mechanism to avoid requesting a new token from credentials, yes, the solution proposed by @Spomky stays your best alternative, not from the bundle perspective, but in JWT in general.
from lexikjwtauthenticationbundle.
Thank you for the details and advice.
By "reconnect too often" I meant like every 5 minutes. The default value of 84600 should cover an entire day, right!? I now suspect the appGyver developer of not sending the token along with some requests from inside the mobile application, which causes it to prompt its login form.
I will let you know once the developer has inspected his code.
from lexikjwtauthenticationbundle.