Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix to refresh the IAT when a token is refreshed #256

Merged
merged 2 commits into from
Jul 3, 2024

Conversation

lsfiege
Copy link

@lsfiege lsfiege commented Jun 28, 2024

Description

This PR addresses the issue #249, refreshing the IAT claim when refreshing a token

Fixes #249

Checklist:

  • I've added tests for my changes or tests are not applicable
  • I've changed documentations or changes are not required
  • I've added my changes to CHANGELOG.md

Copy link
Contributor

@mfn mfn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's really a nice catch, I agree: the iat should definitely not just be re-used, doesn't make sense in the context of refresh.

Seems from the repo we forked it, this also already came up -> tymondesigns/jwt-auth#2241 (comment)

In the latest 2.x (default) branch, as of now, this also still seems to be the case https://github.com/tymondesigns/jwt-auth/blob/2.x/src/Manager.php#L177

        // persist the relevant claims
        return array_merge(
            $this->customClaims,
            $persistentClaims,
            [
                'sub' => $payload['sub'],
                'iat' => $payload['iat'],
            ]
        );

TL;DR: LGTM!

@amos-yau
Copy link

So goooooooood thanks a lot @lsfiege 👏🏻👏🏻👏🏻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
4 participants