Refreshing JWT - The token has been blacklisted


#1

Trying to test the refresh of a JWT using the documentation at Refreshing a JWT. For my test, I’m successfully logging in and getting a token by posting credentials to user/session. If I do a “PUT” back to user/session with the new token I get a response that looks like:

{
  "session_token": "eyJ0e…",
  "session_id": "eyJ0e…",
  "id": 2,
  "name": "Craig Thompson",
  "first_name": "Craig",
  "last_name": "Thompson",
  "email": "cthompson@…",
  "is_sys_admin": false,
  "last_login_date": "2015-11-05 21:44:07",
  "host": "linux"
}

But, if I immediately try to retrieve the session, I get an error indicating that “The token has been blacklisted”. Am I not doing the token refresh properly?

This is the response I get from the session get:

{
  "error": {
    "context": null,
    "message": "The token has been blacklisted",
    "code": 403,
    "trace": [
      "0 [internal function]: DreamFactory\Http\Middleware\AccessCheck->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "1 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "2 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "3 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9535): call_user_func(Object(Closure), Object(Illuminate\Http\Request))",
      "4 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(8892): Illuminate\Pipeline\Pipeline->then(Object(Closure))",
      "5 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(8877): Illuminate\Routing\ControllerDispatcher->callWithinStack(Object(DreamFactory\Http\Controllers\RestController), Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request), 'handleGET')",
      "6 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7831): Illuminate\Routing\ControllerDispatcher->dispatch(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request), 'DreamFactory\Ht…', 'handleGET')",
      "7 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7802): Illuminate\Routing\Route->runWithCustomDispatcher(Object(Illuminate\Http\Request))",
      "8 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7455): Illuminate\Routing\Route->run(Object(Illuminate\Http\Request))",
      "9 [internal function]: Illuminate\Routing\Router->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))",
      "10 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9553): call_user_func(Object(Closure), Object(Illuminate\Http\Request))",
      "11 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "12 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9535): call_user_func(Object(Closure), Object(Illuminate\Http\Request))",
      "13 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7456): Illuminate\Pipeline\Pipeline->then(Object(Closure))",
      "14 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7444): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))",
      "15 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7429): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))",
      "16 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(2304): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))",
      "17 [internal function]: Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http{closure}(Object(Illuminate\Http\Request))",
      "18 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9553): call_user_func(Object(Closure), Object(Illuminate\Http\Request))",
      "19 /opt/bitnami/apps/dreamfactory/htdocs/vendor/barryvdh/laravel-cors/src/HandleCors.php(43): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "20 [internal function]: Barryvdh\Cors\HandleCors->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "21 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "22 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(17932): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "23 [internal function]: DreamFactory\Http\Middleware\FirstUserCheck->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "24 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "25 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(12881): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "26 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "27 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "28 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(11504): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "29 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "30 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "31 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(12622): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "32 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "33 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "34 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(12561): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "35 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "36 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "37 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(2978): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "38 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "39 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9545): call_user_func_array(Array, Array)",
      "40 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))",
      "41 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9535): call_user_func(Object(Closure), Object(Illuminate\Http\Request))",
      "42 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(2251): Illuminate\Pipeline\Pipeline->then(Object(Closure))",
      "43 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(2234): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))",
      "44 /opt/bitnami/apps/dreamfactory/htdocs/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))",
      "45 {main}"
    ]
  }
}


#2

Are you doing a get session with the original token? It changes on refresh. The original one becomes blacklisted once the refreshed token is created.


#3

That was the problem. I assumed the token had not changed. When I do the token refresh and then get session with the new token, everything works. I appreciate your help.
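
The behaviour described in #2, as an added example that is not part of the thread and is not DreamFactory's code: an in-memory model in which a refresh issues a new token and blacklists the one presented, plus a client that always swaps in the returned token. The HS256 signing, the `jti` claim, the 401 responses and every function and class name are assumptions made for this model; only the 403 message comes from the thread.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"  # constructed key, for this model only
BLACKLIST = set()                 # jti values retired by a refresh

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(msg):
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def issue(user_id, ttl=3600):
    """Mint an HS256 JWT with a unique jti so it can be revoked on its own."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user_id, "jti": secrets.token_hex(8),
                            "exp": int(time.time()) + ttl}).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify(token):
    """Return (status, claims or message); 401 codes are assumed, 403 is the thread's."""
    parts = token.split(".")
    if len(parts) != 3 or not hmac.compare_digest(parts[2], _sign(".".join(parts[:2]))):
        return 401, "Invalid token"
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    if claims["exp"] < time.time():
        return 401, "Token has expired"
    if claims["jti"] in BLACKLIST:
        return 403, "The token has been blacklisted"
    return 200, claims

def refresh(token):
    """Model of PUT user/session: retire the presented token, issue a new one."""
    status, claims = verify(token)
    if status != 200:
        return status, claims
    BLACKLIST.add(claims["jti"])
    return 200, issue(claims["sub"])

class SessionClient:
    """Keeps one current token and replaces it on every successful refresh."""
    def __init__(self, token):
        self.token = token
    def refresh(self):
        status, result = refresh(self.token)
        if status == 200:
            self.token = result  # the swap the original poster had missed
        return status
    def get_session(self):
        return verify(self.token)
```

Because the predecessor is revoked at refresh time, a copy of the old token held anywhere else (another tab, a cache, a log) stops working immediately rather than at its expiry.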