Wednesday, 26 September 2018

jwt-auth unable to log out when jwt token has expired

I've implemented jwt-auth v1.0.0-rc2 into my Laravel 5.6 application and all seems to be working fine so far except for the ability to log out when the token has expired.

When I call the logout method from my AngularJS application, it calls: JWTAuth::invalidate( $request->input( 'token' ) ); from my Laravel application (AuthController) to invalidate the token; however, it always returns a 401 Unauthorized back.

I can confirm that I have blacklist_enabled set to true to blacklist invalidated tokens. I can log out normally when I have a valid token, but not once it has expired. My AngularJS application handles 401 errors normally (through an auth interceptor) and redirects back to a login page, but upon logout, I rely on the confirmation back from the server.

I am using the default jwt-auth middleware classes like so:

'jwt.auth' => \Tymon\JWTAuth\Middleware\Authenticate::class,

And my logout route:

Route::group(['prefix' => 'v1', 'middleware' => 'jwt.auth'], function () {
    Route::post('logout', 'AuthController@logout');
});

I am sending my token as an authorization header within the logout POST request.

I don't seem to be able to find anything on this issue. I am not sure what I am missing, but maybe I have something set up incorrectly?



via Chebli Mohamed
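
One way to let logout succeed with an expired token, shown as an added example that is not part of the original post or of jwt-auth's own code. It assumes the logout route is moved out of the jwt.auth middleware group (so the request reaches the controller instead of being rejected with 401) and that invalidate() raises TokenExpiredException for an expired token; the response bodies are illustrative.

```php
<?php
// Assumed route change (routes/api.php): register logout without the
// jwt.auth middleware so an expired token is not rejected before the
// controller runs:
//   Route::group(['prefix' => 'v1'], function () {
//       Route::post('logout', 'AuthController@logout');
//   });

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Facades\JWTAuth;

// Only the logout action is shown; the rest of the controller is unchanged.
class AuthController extends Controller
{
    public function logout(): JsonResponse
    {
        try {
            // Read the bearer token from the Authorization header and
            // add it to the blacklist (requires blacklist_enabled = true).
            JWTAuth::parseToken()->invalidate();
        } catch (TokenExpiredException $e) {
            // An expired token already fails validation on every protected
            // route, so there is nothing left to revoke. Fall through and
            // confirm the logout so the client can clear its stored token.
        } catch (JWTException $e) {
            // Missing, malformed or wrongly signed token: nothing was
            // invalidated, so report it rather than confirming.
            return response()->json(['error' => 'token_invalid'], 400);
        }

        return response()->json(['message' => 'logged_out']);
    }
}
```

TokenExpiredException extends JWTException, so it has to be caught first. Protected routes stay inside the jwt.auth group; only logout moves out.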
