Fix to refresh the IAT when a token is refreshed

[lsfiege]

Description

This PR addresses the issue #249, refreshing the IAT claim when refreshing a token

Fixes #249

Checklist:

• I've added tests for my changes or tests are not applicable
• I've changed documentations or changes are not required
• I've added my changes to CHANGELOG.md

[mfn]

That's really a nice catch, I agree: the iat should definitely not just be re-used, doesn't make sense in the context of refresh.

Seems from the repo we forked it, this also already came up -> tymondesigns/jwt-auth#2241 (comment)

In the latest 2.x (default) branch, as of now, this also still seems to be the case https://github.com/tymondesigns/jwt-auth/blob/2.x/src/Manager.php#L177

        // persist the relevant claims
        return array_merge(
            $this->customClaims,
            $persistentClaims,
            [
                'sub' => $payload['sub'],
                'iat' => $payload['iat'],
            ]
        );

TL;DR: LGTM!

[amos-yau]

So goooooooood thanks a lot @lsfiege 👏🏻👏🏻👏🏻