Refresh Token never expires #66
Comments
|
@HenrikZabel Sorry for my late response... I am looking into this right away |
|
@HenrikZabel I tried with your config and everything works fine. refresh token expires after 1 minute. About the response, you got the correct response. I will update the docs too to reflect the right response |
|
@eadwinCode That's strange. I still have the same problem. How did you test this? I just called the refresh api point, but it always worked (no matter if the refresh token expired or not) |
|
I copied your settings to a test project and it works. Can I see your ninja jwt setup? |
|
Sure: |
|
I mean Controller registration and all. You have share the NinjaJWT before |
# api.py
from ninja_extra import NinjaExtraAPI
from ninja_jwt.controller import NinjaJWTDefaultController
from calendar_.api import router as week_router
from user.api import router as user_router
api = NinjaExtraAPI()
api.register_controllers(NinjaJWTDefaultController)
api.add_router("/calendar/", week_router)
api.add_router("/user/", user_router)# other api.py
…
@router.post("/task", response={200: Response, 403: Response}, auth=JWTAuth())
… |
|
Your routers, are they from |
|
The weird thing is - the package is working in general. I can create and get the tokens. But I cannot change the lifetime of them. Do you think this could be related to this? |
|
Anyways I have tried with router from both ninja and ninja_extra. And refresh token still gets expired |
|
Does it maybe clash with other installed libraries? But this should not be the case, right? |
I would suggest you try this https://github.com/jazzband/djangorestframework-simplejwt in your project to see if you have the same issue. This is not a permanent solution but we both need to understand where the problem is coming from. Whether is from your computer time or something. I need something to be able to debug and solve this issue for you. |
settings.py
I set the lifetime really low to test if the token expires. The access token is not usable after 30 seconds but the refresh token is usable as long as I want it to. Why is that?
When I request my api like that
And following is the response:
{ "refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4", "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzExNDg5MjE0LCJpYXQiOjE3MTE0ODU4NTQsImp0aSI6IjIyNzEwYTI1YzBiNTRiNTJhNzI0NWM5M2ZjNjFjMDMzIiwidXNlcl9pZCI6ImMzODM1OWE5LTIyOTgtNDY5NC04MzVjLTJmZWIzOGRjNjQ4MCJ9.MDTzwh3LRTpKzueqJDbwEh82uDtuJ1MqUD6KJpJ47-c" }The response differs from what I can read here, which says the response looks like that:
{"access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNTY3LCJqdGkiOiJjNzE4ZTVkNjgzZWQ0NTQyYTU0NWJkM2VmMGI0ZGQ0ZSJ9.ekxRxgb9OKmHkfy-zs1Ro_xs1eMLXiR17dIDBVxeT-w"}Am I doing something wrong or is this unintentional?
The text was updated successfully, but these errors were encountered: