I tried this https://github.com/tymondesigns/jwt-auth/issues/1355, but when I refresh my expired token, I got "The token has been blacklisted". Who can help me? My Laravel project should be 5.5.40 now.
```json
"require": {
    "php": ">=7.0.0",
    "fideloper/proxy": "~3.3",
    "laravel/framework": "5.5.*",
    "laravel/tinker": "~1.0",
    "tymon/jwt-auth": "1.0.0-rc.2"
},
```
Hi, show your code and axios interceptor
my Middleware
```php
<?php
namespace App\Http\Middleware;

use Carbon\Carbon;
use Illuminate\Support\Facades\Cache;
use Tymon\JWTAuth\Exceptions\JWTException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;

class RefreshToken extends BaseMiddleware {
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, \Closure $next) {
        $this->checkForToken($request); // Check presence of a token.
        try {
            if (!$this->auth->parseToken()->authenticate()) { // Check user not found. Check token has expired.
                throw new UnauthorizedHttpException('jwt-auth', 'User not found');
            }
            $payload = $this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray();
            return $next($request); // Token is valid. User logged. Response without any token.
        } catch (TokenExpiredException $t) { // Token expired. User not logged.
            $payload = $this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray();
            $key = 'block_refresh_token_for_user_' . $payload['sub'];
            $cachedBefore = (int) Cache::has($key);
            if ($cachedBefore) { // If a token already was refreshed and sent to the client in the last JWT_BLACKLIST_GRACE_PERIOD seconds.
                \Auth::onceUsingId($payload['sub']); // Log the user using id.
                return $next($request); // Token expired. Response without any token because in grace period.
            }
            try {
                $newtoken = $this->auth->refresh(); // Get new token.
                $gracePeriod = $this->auth->manager()->getBlacklist()->getGracePeriod();
                $expiresAt = Carbon::now()->addSeconds($gracePeriod);
                Cache::put($key, $newtoken, $expiresAt);
            } catch (JWTException $e) {
                throw new UnauthorizedHttpException('jwt-auth', $e->getMessage(), $e, $e->getCode());
            }
        }
        $response = $next($request); // Token refreshed and continue.
        return $this->setAuthenticationHeader($response, $newtoken); // Response with new token on header Authorization.
    }
}
```
my api.php
```php
Route::prefix('auth')->group(function($router) {
    $router->post('login', 'AuthController@login');
    $router->post('logout', 'AuthController@logout');
});
//Route::group(['middleware' => 'jwt.auth', 'providers' => 'jwt'], function ($api) { //
Route::group(['middleware' => 'refresh.token'], function ($api) { //
    $api->get('user', 'AuthController@getUserInfo');
});
```
I can get a token when I log in, but I need to refresh my token when the token has expired... I am a backend developer... @core01
@caicaizi251 I guess the problem is with the axios interceptor on the frontend. When you send an expired token for the first time (when your refresh TTL is not expired), jwt-auth returns the new one in the response header.
If you send the expired token again you will get the error: "token blacklisted".
Check if on the frontend you have something like this: https://gist.github.com/core01/9cb3c292576049e3be5cca0889ed3e52#file-connection-js-L13
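The behaviour described in the comment above, as an added example that is not part of the original thread, of jwt-auth, or of the linked gist. It is a constructed in-memory model: `makeServer`, `makeClient` and `runScenario` are hypothetical names, tokens are plain strings, and the blacklist grace period is assumed to be zero.

```javascript
// Constructed model of the refresh flow: an expired token is refreshed once,
// the new token is returned in the Authorization response header, and the
// old token is blacklisted from then on.
function makeServer() {
  const tokens = new Map();   // token string -> { expired }
  const blacklist = new Set();
  let n = 0;
  const issue = (expired) => {
    const t = `tok-${++n}`;
    tokens.set(t, { expired });
    return t;
  };
  function handle(authHeader) {
    const token = (authHeader || '').replace(/^Bearer\s+/i, '');
    if (!tokens.has(token)) return { status: 401, headers: {}, error: 'Token not provided' };
    if (blacklist.has(token)) return { status: 401, headers: {}, error: 'The token has been blacklisted' };
    if (!tokens.get(token).expired) return { status: 200, headers: {} };
    blacklist.add(token); // the expired token can never be used again
    return { status: 200, headers: { authorization: `Bearer ${issue(false)}` } };
  }
  return { issue, handle };
}

// The body of request() after server.handle() is what a response
// interceptor has to do: replace the stored token with the refreshed one.
function makeClient(server, token, adoptRefreshedToken) {
  const state = { token };
  return {
    state,
    request() {
      const res = server.handle(`Bearer ${state.token}`);
      const header = res.headers.authorization;
      if (adoptRefreshedToken && header) {
        state.token = header.replace(/^Bearer\s+/i, '');
      }
      return res;
    },
  };
}

function runScenario(adoptRefreshedToken) {
  const server = makeServer();
  const client = makeClient(server, server.issue(true), adoptRefreshedToken);
  const first = client.request();  // expired token: server refreshes it
  const second = client.request(); // outcome depends on the client
  return { first: first.status, second: second.status, error: second.error || null };
}
```

`runScenario(false)` reproduces the error from the question on the second request; `runScenario(true)` keeps working because the client stored the refreshed token.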
Please note that you can change config options in your code at runtime. I used this code and this was a solution for me:
```php
config([
    'jwt.blacklist_enabled' => true
]);
auth()->logout();
JWTAuth::invalidate(JWTAuth::parseToken());
```
Please, can anyone help with a method to force-blacklist an expired token?
For my own logic I force a reset of the expired token, and it needs to be after the user's token has expired; I need to force the token onto the blacklist.
here is my code below:
```php
try {
    // the code is okay here
    $payload = $this->guard()->getPayload();
    $res = $userAuth->getAdminUserLoginDetails($payload['email']);
    $token = $this->guard()->claims(["email"=> $res->email, 'api_token'=> $res->api_token ])->login($userAuth);
    JWTAuth::invalidate(JWTAuth::getToken());
    return response()->json([$token]);
} catch (TokenExpiredException $e) {
    // here is where my code needs help
    if (env('JWT_FORCE_GET_PAYLOAD', false)) {
        $payload = JWTAuth::manager()->getJWTProvider()->decode(JWTAuth::getToken()->get());
        $res = $userAuth->getAdminUserLoginDetails($payload['email']);
        // JWTAuth::invalidate(JWTAuth::getToken()); // i cannot use this line because the exception will be caught
        $token = $this->guard()->claims(["email"=> $res->email, 'api_token'=> $res->api_token ])->login($userAuth);
        // $token = $this->guard()->refresh(true, true); // i cannot use this line because the exception will be caught
        // token need to be invalidate or blacklist here after successful reset
        return response()->json([$token]);
    } else {
        throw new TokenExpiredException('Token has expired', 401);
    }
} catch (\Exception $e) {
    throw new HttpException($e->getMessage(), 401);
}
```
Sorry bro, due to some important work I could not solve this. If I get time I will do.
On Sat, Oct 31, 2020 at 11:12 AM Michael Codexz notifications@github.com wrote:

> Please can any one help with the method to force blacklist expired toke
> for my own logic force reset the expired token and it need to be after the user has expired the token i need to force the token to blacklist
> here is my code below:
> ```php
> try {
>     // the code is okay here
>     $payload = $this->guard()->getPayload();
>     $res = $userAuth->getAdminUserLoginDetails($payload['email']);
>     $token = $this->guard()->claims(["email"=> $res->email, 'api_token'=> $res->api_token ])->login($userAuth);
>     JWTAuth::invalidate(JWTAuth::getToken());
>     return response()->json([$token]);
> } catch (TokenExpiredException $e) {
>     // here is where my code needs help
>     if (env('JWT_FORCE_GET_PAYLOAD', false)) {
>         $payload = JWTAuth::manager()->getJWTProvider()->decode(JWTAuth::getToken()->get());
>         $res = $userAuth->getAdminUserLoginDetails($payload['email']);
>         // JWTAuth::invalidate(JWTAuth::getToken()); // i cannot use this line because the exception will be caught
>         $token = $this->guard()->claims(["email"=> $res->email, 'api_token'=> $res->api_token ])->login($userAuth);
>         // $token = $this->guard()->refresh(true, true); // i cannot use this line because the exception will be caught
>         // token need to be invalidate or blacklist here after successful reset
>         return response()->json([$token]);
>     } else {
>         throw new TokenExpiredException('Token has expired', 401);
>     }
> } catch (\Exception $e) {
>     throw new HttpException($e->getMessage(), 401);
> }
> ```
@dishcheng the issue is still not solved, because the solution proposed above still raises an exception about the two-dot string and the inability to generate a correct token. Please give room for an update.
Thank you.