
I have built an API with Laravel (5.3.30) and the package Dingo (1.0.0-beta8). For authentication I am using JWT-Auth (^0.5.12). JWT-Auth comes with a middleware to enable "Token Refreshing" out of the box.

Once you log in you get a token. When you use it to make a new request, the token is blacklisted but with the expected response comes a new token (it's in response's Headers) so you can use it to keep making new requests "recycling" the token.

Now let's suppose that I have an endpoint to create a new Post. This endpoint has two possible ways.

The first one, you send all the required params by the backend to create the Post so it's created and a 200 response is returned with the created Post.

The second possible way, you DO NOT send all the required params so a 422 Unprocessable Entity response is returned BUT without a new token to make the next request.

I don't know if this is a bug or this is an expected behaviour (this is my first time building an API for a real project). If this is the expected behaviour how should I handle these situations?

All my code related to this is the route using the middleware:

```php
$api->post('posts', ['middleware' => ['api.auth', 'jwt.refresh'], 'uses' => 'App\Http\Controllers\PostController@store']);
```

Alan
  • Possible duplicate of [JWT authentication & refresh token implementation](https://stackoverflow.com/questions/41614259/jwt-authentication-refresh-token-implementation) – Adam Kozlowski Jan 09 '18 at 19:51
  • No, it's not about the same. I have a specific problem: jwt.refresh not returning a new token when FormRequest validation fails. – Alan Jan 10 '18 at 14:31
  • I'm also having this doubt, I'm actually using Rails for the API and the library I use for JWT returns a new token on every error response (like 422). I wanted to know if that's good or bad behavior or whatever, couldn't find an answer and don't want to repost the question. – Miguel Corti Sep 12 '18 at 21:08
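
A model of the rotate-on-every-request flow the question describes, as an added example that is not part of the original post and is not jwt-auth or Dingo code. It assumes the refresh step runs only after the controller returns, so a validation exception bypasses it; `TokenStore`, `ValidationFailed`, `refreshAfter` and `refreshAlways` are hypothetical names.

```php
<?php
// Constructed model: single-use tokens, rotated by a middleware-like wrapper.
final class TokenStore {
    private $live = [];                       // token => user id
    public function issue(string $user): string {
        $t = bin2hex(random_bytes(16));
        $this->live[$t] = $user;
        return $t;
    }
    public function isLive(string $t): bool { return isset($this->live[$t]); }
    public function rotate(string $old): string {
        if (!isset($this->live[$old])) {
            throw new RuntimeException('token unknown or blacklisted');
        }
        $user = $this->live[$old];
        unset($this->live[$old]);             // blacklist the presented token
        return $this->issue($user);
    }
}
final class ValidationFailed extends Exception {}

// Assumed "after" behaviour: rotation happens only when $next returns normally.
function refreshAfter(TokenStore $s, string $token, callable $next): array {
    $response = $next();                      // an exception skips the lines below
    $response['headers']['Authorization'] = 'Bearer ' . $s->rotate($token);
    return $response;
}

// Variant: turn the validation failure into a 422 first, then rotate as usual.
function refreshAlways(TokenStore $s, string $token, callable $next): array {
    try {
        $response = $next();
    } catch (ValidationFailed $e) {
        $response = ['status' => 422, 'headers' => [], 'body' => $e->getMessage()];
    }
    $response['headers']['Authorization'] = 'Bearer ' . $s->rotate($token);
    return $response;
}

// Constructed scenario: the controller rejects an incomplete Post.
$store = new TokenStore();
$token = $store->issue('alan');
$failing = function () { throw new ValidationFailed('title is required'); };
try {
    refreshAfter($store, $token, $failing);
} catch (ValidationFailed $e) {               // rendered as 422 outside the wrapper
    echo "after-only: no new token; old token live: ", $store->isLive($token) ? "yes" : "no", "\n";
}
$r = refreshAlways($store, $token, $failing);
echo "always: {$r['status']}, old token live: ", $store->isLive($token) ? "yes" : "no", "\n";
```

In this model the skipped rotation also leaves the presented token un-blacklisted, so whether a client can reuse it after a 422 depends on where the real middleware performs the blacklist step.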

0 Answers