Refresh custom claims from the subject when a token is refreshed #1619

Open
wants to merge 1 commit into
base: develop

@njbarrett njbarrett commented Jul 10, 2018

Fixes #891

Currently, when you refresh a token, it does not regenerate the custom claims data. If, for example, data in my getJWTCustomClaims is dynamic, the only way the token gets updated is with a new login.
This change will recreate the claims array properly for refreshed tokens as well.

(Apologies if this is the wrong way to do it, happy to discuss other solutions)

@njbarrett njbarrett changed the title Refreshe custom claims from the subject when a token is refreshed Refresh custom claims from the subject when a token is refreshed Jul 10, 2018
@mattmcdonald-uk
Contributor

mattmcdonald-uk commented Aug 16, 2018

This change breaks the refresh middleware flow as it requires the token not to be expired when refreshing.

If you first call $this->manager->setRefreshFlow() it appears to fix it.

A further problem is that authenticate may return false, which can't be passed to getClaimsArray.

@njbarrett
Author

Hey @mattmcdonald-uk, thanks for your comment.
So are you saying if I add $this->manager->setRefreshFlow() instead of my code, or in addition to my code, I can fix this issue properly?

@mattmcdonald-uk
Contributor

mattmcdonald-uk commented Aug 22, 2018

I had to make a couple of changes to get this fix working for me.

Adding a call to setRefreshFlow makes sure that tokens which can be renewed are used.

Adding a test on the call to authenticate ensures it doesn't fail if the user has disappeared and false is returned.

mattmcdonald-uk@8111ae7

@mjsarfatti

mjsarfatti commented Dec 7, 2018

I get an error when I try to implement this:

{
    "message": "Method [authenticate] does not exist.",
    "exception": "BadMethodCallException",
    "file": "[...]vendor/tymon/jwt-auth/src/JWT.php",
    "line": 425,
    [...]

This is because the refresh() method is declared in JWT.php, but authenticate() is in JWTAuth.php.
Am I missing something?

@stale

stale bot commented Dec 25, 2020

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@stale stale bot added the stale label Dec 25, 2020
@mattvb91

@mjsarfatti stuck on exactly this issue, how do I refresh the claims? Does anyone have it working? The above doesn't work.
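
Added illustration, not part of the thread and not tymon/jwt-auth code: a self-contained PHP example of the behaviour the comments above ask for, where a refresh accepts an expired token inside a refresh window, rebuilds the custom claims from the current subject, and refuses when the subject no longer exists. The names `sign`, `verify`, `refresh`, the `$users` store, the key and the TTL values are assumptions made for the example.

```php
<?php
// Added illustration, not tymon/jwt-auth code; every name here is hypothetical.
const SECRET = 'constructed-demo-key';
function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function sign(array $claims): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Checks the signature only; expiry is judged by the caller (login vs. refresh).
function verify(string $token): array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$head, $body, $sig] = $parts;
    $good = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($good, $sig)) throw new RuntimeException('bad signature');
    return json_decode(base64_decode(strtr($body, '-_', '+/')), true);
}

// $users maps subject id => current custom claims (stand-in for getJWTCustomClaims()).
function refresh(string $old, array $users, int $now, int $ttl = 3600, int $window = 1209600): string {
    $c = verify($old);
    // Refresh flow: an expired token is accepted, but only inside the refresh window.
    if ($now > $c['iat'] + $window) throw new RuntimeException('refresh window closed');
    // The subject lookup can fail (user deleted); stop instead of building claims from nothing.
    if (!isset($users[$c['sub']])) throw new RuntimeException('subject no longer exists');
    // Registered claims sit on the left of "+", so custom claims cannot override them.
    $fixed = ['sub' => $c['sub'], 'iat' => $c['iat'], 'exp' => $now + $ttl];
    return sign($fixed + $users[$c['sub']]);
}

// Constructed sample data.
$t0 = 1700000000;
$users = [7 => ['role' => 'admin']];
$token = sign(['sub' => 7, 'iat' => $t0, 'exp' => $t0 + 3600, 'role' => 'admin']);
$users[7]['role'] = 'viewer';               // role lowered after login
$new = refresh($token, $users, $t0 + 7200); // old token expired, still refreshable
echo 'role after refresh: ', verify($new)['role'], PHP_EOL;

unset($users[7]);                           // user removed
try {
    refresh($new, $users, $t0 + 7300);
} catch (RuntimeException $e) {
    echo 'refresh refused: ', $e->getMessage(), PHP_EOL;
}
```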

Successfully merging this pull request may close these issues.

Update custom claims with refresh token