JWT - Error with refresh token


#1

Hi,

I have a problem with the refresh token. I didn’t modify the code, but I get this error:

2018-04-04T07:40:57.452Z - error: refreshJWTToken - Error: InvalidRefreshToken: E_INVALID_JWT_REFRESH_TOKEN: Invalid refresh token bf4c53cdd9dc51cdsfdf54df5d4f5df454fds6faf546764ed09253fb1211215752d0ec5e855b3aa0d8b1abtq+pMMXjR4C85sC/FOZjSTXYJYD4FD45FDSF4XgF8512asPY8uc8EKe

I’ve edited the error example :wink:

const jwt = await auth.newRefreshToken().generateForRefreshToken(params.refreshToken, true)


#2

Yeah it says the refresh token is invalid. Are you sure that this is the valid refresh token?


#3

Yes, it’s normally a good refresh token…


#4

@virk

I pass refreshToken saved in localStorage with VueJS.

The console log doesn’t work, but I have this error:

error: refreshJWTToken - Error: InvalidRefreshToken: E_INVALID_JWT_REFRESH_TOKEN: Invalid refresh token…

async refreshToken({auth, request, response}) {
  try {
    const params = request.only(['refreshToken'])
    const header = await auth.getAuthHeader()
    const decodedHeader = Encryption.base64Decode(header.split('.')[1])
    const jwtToken = JSON.parse(decodedHeader)
    const user = await User.find(jwtToken.uid)
    const jwt = await auth.newRefreshToken().generateForRefreshToken(params.refreshToken, true)
    console.log('jwt', jwt)
    const refreshUser = {
      jwt,
      user: {
        id: user.id,
        username: user.username,
        email: user.email,
        first_name: user.first_name,
        last_name: user.last_name
      }
    }
    return response.send(refreshUser)
  } catch (err) {
    Logger.error('refreshJWTToken - Error: %s', err)
  }
}

#5

I’m allowing myself to bring this subject back up: I’m still stuck and I cannot put my application into production because of this concern. I cannot debug this problem.


#6

What is inside params.refreshToken? Have you verified that it does indeed contain a value, that value looks like a refresh token, that refresh token is present in the database?


#7

@pirmax Share a repo with me with the code to reproduce the issue. I’ll look into it on priority.

Please make sure it has minimal required code.


#8

Thanks for your help!


#9

I’ve the good refreshToken!

When I just logged in (first JWT session), I get the refreshToken token and try to renew it, it works.

However, after a while, I am unable to renew it.


#10

In the nuxt code, I can see that when you get a new token from the server, you update the store with only the jwt token.

this.$axios.setToken(auth.jwt.token, 'Bearer')

Which means you are using the old refreshToken from this point and hence it is invalid.
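
The failure mode described in post #10, as an added example that is not part of the original thread or of the framework's code: an in-memory simulation in which a client that copies only `jwt.token` after a refresh succeeds once and then fails. It assumes the server revokes the presented refresh token whenever it issues a new one; `TokenServer`, `makeClient`, `runRefreshes` and the token strings are hypothetical, constructed for this sketch.

```javascript
// Added illustration: in-memory stand-in for a server that rotates refresh
// tokens. Every name and token value here is hypothetical / constructed.
class TokenServer {
  constructor () {
    this.active = new Map() // refreshToken -> uid
    this.seq = 0
  }

  _issue (uid) {
    const n = ++this.seq
    const refreshToken = `rt-${n}`
    this.active.set(refreshToken, uid)
    return { type: 'bearer', token: `jwt-${uid}-${n}`, refreshToken }
  }

  login (uid) { return this._issue(uid) }

  // Assumed behaviour: a successful refresh revokes the presented token and
  // returns a new pair, so each refresh token can be used exactly once.
  refresh (refreshToken) {
    const uid = this.active.get(refreshToken)
    if (uid === undefined) throw new Error('E_INVALID_JWT_REFRESH_TOKEN')
    this.active.delete(refreshToken)
    return this._issue(uid)
  }
}

// Client-side store. keepRefreshToken=false copies only jwt.token after a
// refresh; keepRefreshToken=true replaces the whole jwt object.
function makeClient (server, keepRefreshToken) {
  const state = { jwt: server.login(1) }
  return {
    state,
    refresh () {
      const jwt = server.refresh(state.jwt.refreshToken)
      if (keepRefreshToken) state.jwt = jwt
      else state.jwt.token = jwt.token // stored refreshToken is now revoked
      return jwt
    }
  }
}

// Run n refreshes in a row and report the first one that fails, if any.
function runRefreshes (keepRefreshToken, n) {
  const client = makeClient(new TokenServer(), keepRefreshToken)
  for (let i = 1; i <= n; i++) {
    try { client.refresh() } catch (err) { return { failedAt: i, error: err.message } }
  }
  return { failedAt: null, error: null }
}
```

Comparing `runRefreshes(false, 3)` with `runRefreshes(true, 3)` shows whether a client store is replaying a revoked refresh token.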


#11

Thanks @virk, but I dispatch refreshToken from the axios.js plugin to get a new Bearer token.

And the new data from refreshToken (user and jwt) are committed with the commit() method to store the new user and new jwt (with token and refreshToken).

I don’t know if it’s the problem :confused:

this.$axios.setToken(auth.jwt.token, 'Bearer')

This is only to set the new jwt token with setToken. I don’t need to set the refreshToken in the Bearer Authorization header here.


#12

I see you are using the refresh token from the state state.auth.jwt.refreshToken. Where do you update this after getting the new token?


#13

The controller’s refreshToken method gives me back:

{
  jwt,
  user: {
    id: user.id,
    username: user.username,
    email: user.email,
    first_name: user.first_name,
    last_name: user.last_name,
    avatar: user.avatar
  }
}

On the front end, the commit() method sets the user and jwt JSON keys:

const auth = await this.$axios.$post('refreshToken', {
	refreshToken: state.auth.jwt.refreshToken // old refreshToken
})
// ...
commit('SET_USER', auth) // jwt (with new refreshToken) & user JSON keys
// ...

#14

Seems to be working fine for me https://github.com/thetutlage/reproducing-refresh-token

  1. Clone the repo
  2. Create a new user
  3. Run tests. Make sure to update user credentials in the test file.

If you can reproduce the issue in the same repo, it will be helpful.


#15

Does the JWT refreshToken have an expiration date or not?

The problem occurs after one day, when the token expires and the refreshToken is used.
As if the refreshToken was no longer usable.


#16

Refresh token has no expiration


#17

I still have the same error :confused:

Tests passed, but in production and in dev mode I have the same error.

Lassed…