Wrong remaining minutes when blacklisting a token #2250
Comments
It also breaks the logout functionality.
The "diffInRealMinutes" is the same as "diffInMinutes".
Please, how does the token invalidation work? Do we store them in a table of blacklists or what?
This is my solution and it works.
App\Storage\JWTStorage.php script:
Since blacklisting/invalidating uses the cache mechanism, artisan cache:clear will erase all blacklist entries. To avoid that, we can tweak the above script to target another store (for example 'redis_blacklist'):
Of course, the solution above is better solved by jwt-auth, including changing the use of blacklist storage with config/jwt.php. Just simply do the best, hoping for the best and let God take the rest.
Subject of the issue
When invalidating a token, a number of minutes is calculated to specify how long the token should stay in the Blacklist.
The problem is that the way it's calculated seems wrong; at least in my case it was wrong. It just needs to be turned to positive before returning. Also, for some reason the "diffInRealMinutes" Carbon method is used; I didn't find it anywhere in Carbon's actual docs.
Your environment
Steps to reproduce
Try logging in with the login, and then using the refresh route
Expected behavior
Here the token from login should be invalidated by default
So you should expect a new entry in the cache table in the database (if all the configurations are exactly as the defaults of Laravel 11.x)
Actual behavior
No entry is introduced, and the token is still valid (you can actually perform many consecutive calls to refresh with the same token)
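
The sign problem reported in this issue, as an added PHP example that is not part of the original thread and is not jwt-auth code: it computes the blacklist TTL in both directions for one token and shows which value leaves an entry behind. All function and class names are hypothetical, the token values are constructed, and the toy cache's rule that a non-positive TTL stores nothing is an assumption standing in for the real cache store.

```php
<?php
declare(strict_types=1);
// Added illustration only; not jwt-auth code. Every name below is hypothetical.

/** Whole minutes from $from to $to; negative when $to lies before $from. */
function signedMinutes(int $from, int $to): int
{
    return intdiv($to - $from, 60);
}

/** Latest moment the token could still be accepted or refreshed, plus one minute. */
function blacklistDeadline(int $iat, int $exp, int $refreshTtlMin): int
{
    return max($exp, $iat + $refreshTtlMin * 60) + 60;
}

/** Toy cache. Assumption: a TTL of zero or less stores nothing. */
final class ToyCache
{
    private array $items = []; // key => expiry timestamp

    public function put(string $key, int $ttlMin, int $now): bool
    {
        if ($ttlMin <= 0) {
            return false;
        }
        $this->items[$key] = $now + $ttlMin * 60;
        return true;
    }

    public function has(string $key, int $now): bool
    {
        return ($this->items[$key] ?? 0) > $now;
    }
}

// Constructed sample token: issued 10 minutes ago, 60-minute lifetime, 20160-minute refresh window.
$now = 1700000000;
$iat = $now - 600;
$deadline = blacklistDeadline($iat, $iat + 3600, 20160);

$ttls = [
    'deadline -> now (signed, negative)' => signedMinutes($deadline, $now),
    'now -> deadline (positive)' => signedMinutes($now, $deadline),
];
foreach ($ttls as $label => $ttl) {
    $cache = new ToyCache();
    $cache->put('jti-constructed', $ttl, $now);
    printf("%-36s ttl=%6d blacklisted=%s\n", $label, $ttl, $cache->has('jti-constructed', $now) ? 'yes' : 'no');
}
```

A regression test for the real application can assert the same two things: the computed TTL is greater than zero for an unexpired token, and a second call to the refresh route with the old token is rejected.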