Download the PHP package terehinis/jwt-refresh-token-bundle without Composer
On this page you can find all versions of the php package terehinis/jwt-refresh-token-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download terehinis/jwt-refresh-token-bundle
More information about terehinis/jwt-refresh-token-bundle
Files in terehinis/jwt-refresh-token-bundle
Package jwt-refresh-token-bundle
Short Description Implements a refresh token system over Json Web Tokens in Symfony
License MIT
Informations about the package jwt-refresh-token-bundle
JWTRefreshTokenBundle
The purpose of this bundle is manage refresh tokens with JWT (Json Web Tokens) in an easy way. This bundles uses LexikJWTAuthenticationBundle. At the moment only supports Doctrine ORM.
Prerequisites
This bundle requires Symfony 3.3+ or 4.0+.
If you want to use this bundle with previous Symfony versions, please use 0.2.x releases.
Protip: Though the bundle doesn't enforce you to do so, it is highly recommended to use HTTPS.
Installation
Step 1: Download the Bundle
Add terehinis/jwt-refresh-token-bundle
to your composer.json
file:
or edit composer.json:
// ...
"terehinis/jwt-refresh-token-bundle": "~0.1",
// ...
Step 2: Enable the Bundle
Then, enable the bundle by adding the following line in the app/AppKernel.php
file of your Symfony application:
Step 3: Configure your own routing to refresh token
Open your main routing configuration file (usually app/config/routing.yml
) and copy the following four lines at the very beginning of it.
Step 4: Allow anonymous access to refresh token
Add next lines on security.yml file:
Step 5: Update your schema
With the next command you will create a new table to handle your refresh tokens
USAGE
Config TTL
You can define Refresh Token TTL. Default value is 1 month. You can change this value adding this line to your config.yml file:
Config User identity field
You can change user identity field. Make sure that your model user has getter
for this field. Default value is username
. You can change this value by adding this line to your config.yml file:
Config TTL update
You can expand Refresh Token TTL on refresh. Default value is false. You can change this value adding this line to your config.yml file:
This will reset the token TTL each time you ask a refresh.
Config Firewall Name
You can define Firewall name. Default value is api. You can change this value adding this line to your config.yml file:
Config UserProvider
You can define your own UserProvider. By default we use our custom UserProvider. You can change this value by adding this line to your config.yml file:
For example, if you are using FOSUserBundle, user_provider_service_id must be set to fos_user.user_provider.username_email
.
Use another entity for refresh tokens
You can define your own entity for refresh tokens.
Create the entity class extending terehinis\JWTRefreshTokenBundle\Entity\RefreshToken
in you own bundle:
Then declare this entity adding this line to your config.yml file:
Use another entity manager
You can tell JWTRefreshTokenBundle to use another entity manager than default one (doctrine.orm.entity_manager).
Just add this line to your config.yml file:
Generating Tokens
When you authenticate through /api/login_check with user/password credentials, LexikJWTAuthenticationBundle now returns a JWT Token and a Refresh Token data.
This refresh token is persisted in RefreshToken entity. After that, when your JWT valid token expires, if you want to get a new one you can proceed in two ways:
-
Send you user credentials again to /api/login_check. This generates another JWT with another Refresh Token.
- Ask to renew valid JWT with our refresh token. Make a POST call to /api/token/refresh url with refresh token as payload. In this way, you can always get a valid JWT without asking for user credentials. But you must notice if refresh token is still valid. Your refresh token do not change but valid datetime will increase.
This call returns a new valid JWT token renewing valid datetime of your refresh token.
Useful Commands
We give you two commands to manage tokens.
Revoke all invalid tokens
If you want to revoke all invalid (datetime expired) refresh tokens you can execute:
Optional argument is datetime, it deletes all tokens smaller than this datetime:
We recommend to execute this command with a cronjob to remove invalid refresh tokens every certain time.
Revoke a token
If you want to revoke a single token you can use this:
Events
If you want to do something when token is refreshed you can listen for terehinis.refresh_token
event.
For example:
All versions of jwt-refresh-token-bundle with dependencies
symfony/framework-bundle Version ~3.3|~4.0
symfony/validator Version ~3.3|~4.0
doctrine/orm Version ^2.4.8
doctrine/doctrine-bundle Version ~1.4
lexik/jwt-authentication-bundle Version ^1.1|^2.0@dev