Jwt-auth: How to avoid having to manually authenticate when refreshed token is sent to client but lost in transition

Created on 20 May 2016  路  4Comments  路  Source: tymondesigns/jwt-auth

I noticed that if i refresh my token (Token A) and a new token (Token B) is generated, Token A will be blacklisted and cannot be used. If in the process of sending Token B to the client (mobile app), the client gets disconnected due to unstable network, is there any way the client can use Token A for refreshing and continue usage without the app user manually entering the user name and password? It would seem weird to the app user to have to key in the credentials for a non obvious disconnection from the server.

picture czler6

Most helpful comment

you can set blacklist_grace_period more than 0 to fix this.

picture pengbo37877 on 20 May 2016
👍3

All 4 comments

you can set blacklist_grace_period more than 0 to fix this.

pengbo37877 picture pengbo37877 on 20 May 2016
👍3

I am worrying about the same issue.

@tymondesigns The blacklist_grace_period setting hasn't been released on the latest master branch yet, has it?

ghost picture ghost on 1 Jun 2016

No it is not available in the 0.5.x releases (current master branch).

Also I'm not the owner, but I'm not certain it is planned to be released there. I think new features (as opposed to bugfixes) for 0.5 will be limited.

tdhsmith picture tdhsmith on 2 Jun 2016

@tdhsmith is right. No new features will be added to 0.5.*. Only patches for existing functionality.

All new features target the next release (1.0.0)

tymondesigns picture tymondesigns on 2 Jun 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

phamduong picture phamduong  路  3Comments
functionpointdaniel picture functionpointdaniel  路  3Comments
johncloud200 picture johncloud200  路  3Comments
agneshoving picture agneshoving  路  3Comments
CBR09 picture CBR09  路  3Comments