Subject of the issue
I'm using middleware('auth:api', ['except' => ['login']]) in constructor as provided in jwt wiki.
As I good undestand JWT I should be able to refresh token without having valid token, but the token should be valid only for refresh (because Refresh TTL is longer than normal token TTL) - but if I use this middleware I can't refresh token after normal TTL pass, because it says 'Unauthorized' even though the TTL for refresh didn't pass.
Shouldn't the middleware be set to except ['refresh'] too?
Your environment
| Q |
A |
| Bug? |
yes |
| New Feature? |
no |
| Framework |
Laravel |
| Framework version |
5.6 |
| Package version |
1.0.0 |
| PHP version |
7.2 |
Steps to reproduce
Use middleware('auth:api', ['except' => ['login']]) in AuthController
Expected behaviour
Token refresh without being authorized, just the token check
Actual behaviour
Can't refresh token without having valid normal ttl token
Subject of the issue
I'm using middleware('auth:api', ['except' => ['login']]) in constructor as provided in jwt wiki.
As I good undestand JWT I should be able to refresh token without having valid token, but the token should be valid only for refresh (because Refresh TTL is longer than normal token TTL) - but if I use this middleware I can't refresh token after normal TTL pass, because it says 'Unauthorized' even though the TTL for refresh didn't pass.
Shouldn't the middleware be set to except ['refresh'] too?
Your environment
Steps to reproduce
Use middleware('auth:api', ['except' => ['login']]) in AuthController
Expected behaviour
Token refresh without being authorized, just the token check
Actual behaviour
Can't refresh token without having valid normal ttl token