Add an endpoint for refreshing tokens
szerhusenBC opened this issue · 7 comments
There should be an endpoint to refresh tokens before they expire. You should get a new token. Tokens which are expired should be decline.
I created the endpoint in a new local branch.
If the current token is expired it returns 401, if not it returns a new token.
I can create a PR for you to review, I think i would need your permission to push ? :-)
Thanks
Jose
@jmdopereiro Sorry for that late answer! Just create a pull request so that I can review and merge it.
Ah, OK. The normal way is to fork this project, create a new branch on your forked project and then create a PR. Could you try that?
yeap ok, I did it, what do you think ?
I saw it, looks good so far. One thing, did you check, that I fails, if the token you want to refresh is too old? I can't test it myself right now. It shouldn't be possible to refresh a token, that is too old.
That's right (sorry I had some troubles with my browser cache). I just retested, decreased the token-validity-in-seconds to 120 and then waited 2 minutes, the new token api is protected as the rest by the JWTFilter so when the current token is expired it doesn't refresh the token but returns 401. Here you have a postman screenshot and the application logs.