Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the refresh token to the outstanding db after refreshing #696

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

ratataque
Copy link

Fix the Issue #363
By allowing the refreshtoken to be saved to the outstanding database after being refreshed.
It is useful for blacklisting every token for a precise user, if there's a leak of the token

@samuel-andres
Copy link

Great work 👏

@mnislam01
Copy link
Member

This needs to be merged.

@DigantaBiswas
Copy link

This is what I need. came here to check if anyone made a PR or not. You are awesome 😄

OutstandingToken.objects.create(
user=user,
jti=refresh[api_settings.JTI_CLAIM],
token=str(refresh),

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
token=str(refresh),
token=data["refresh"],

This part where we encode refresh token is used twice in this code. One is here on line number 137 and another is on line:142

Maybe its bad idea to repeat this code, because in future refactor to change or update this value we might need to look into 2 places.

My suggestion will be move 142 on top then use token = data["refresh" ]

Hope this gets merged soon 😃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants