Subject of the issue
Right now persistent claims have 2 default overrides during refresh in the Manager->buildRefreshClaims method - sub and iat. This leads to the iat claim staying the same even after token refresh. As a result, the token can only be refreshed until initial creation time + refresh_ttl, instead of "postponing" this time on each refresh. Right now the only way to implement "indefinite" token refresh is to set the refresh ttl to null, but this is not ideal since this makes the token stay refreshable forever instead of living the desired refresh_ttl time.
I understand that the current behaviour may also be expected, so I propose to put those 2 claims into the config file's persistent_claims prop. This makes more sense and provides flexibility to control refresh behaviour.
Your environment
| Q                 | A               |
| ----------------- | --------------- |
| Bug?              | no              |
| New Feature?      | yes             |
| Framework         | Laravel / Lumen |
| Framework version | *               |
| Package version   | 2.*             |
| PHP version       | *               |
Steps to reproduce
Create token, check the iat claim, refresh the token - iat claim is persisted
Expected behaviour
iat claim is being set to the current timestamp during the refresh
Actual behaviour
iat claim is persisted from the initial token
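A simplified model of the two refresh behaviours discussed in this issue, added here as an illustration; it is not jwt-auth's code. `refreshToken()`, `sessionLifetime()`, the TTL values and the timestamps are assumptions made for the example.

```php
<?php
// Simplified model of the refresh window described in the issue. Not jwt-auth code:
// the function names, TTL values and timestamps are constructed for illustration.

const TTL = 60 * 60;             // access-token lifetime in seconds (assumed)
const REFRESH_TTL = 14 * 86400;  // refresh window in seconds (assumed)

/**
 * Return the refreshed claim set, or null when the refresh window has closed.
 * $persistIat = true  models the reported behaviour (iat copied forward);
 * $persistIat = false models the requested behaviour (iat reset on refresh).
 */
function refreshToken(array $claims, int $now, bool $persistIat): ?array
{
    // Refresh is only allowed until iat + refresh_ttl.
    if ($now > $claims['iat'] + REFRESH_TTL) {
        return null;
    }
    return [
        'sub' => $claims['sub'],                       // always carried over
        'iat' => $persistIat ? $claims['iat'] : $now,  // fixed vs. sliding window
        'exp' => $now + TTL,
    ];
}

/** Refresh every $step seconds; return how long the session stayed alive. */
function sessionLifetime(bool $persistIat, int $step, int $maxRefreshes): int
{
    $start = 1700000000; // constructed timestamp
    $claims = ['sub' => 'user-1', 'iat' => $start, 'exp' => $start + TTL];
    $now = $start;
    for ($i = 0; $i < $maxRefreshes; $i++) {
        $next = refreshToken($claims, $now + $step, $persistIat);
        if ($next === null) {
            break; // window closed: the user has to authenticate again
        }
        $claims = $next;
        $now += $step;
    }
    return $claims['exp'] - $start;
}

$day = 86400;
printf("persisted iat: %d days\n", intdiv(sessionLifetime(true, $day, 100), $day));
printf("reset iat:     %d days\n", intdiv(sessionLifetime(false, $day, 100), $day));
```

With a persisted iat the chain of refreshes stops once the original issue time plus the refresh window has passed, which caps the total session length. With a reset iat the chain has no absolute cap, so any deployment choosing that behaviour relies on revocation or a separate maximum session age to end a session whose token keeps being refreshed.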