Skip to content

feat: Implement JWT refresh token for authorization (#2230) #2349

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

feat: Implement JWT refresh token for authorization (#2230) #2349

wants to merge 1 commit into from

Conversation

aggarwalpulkit596
Copy link
Contributor

Fixes #2230

@auto-label auto-label bot added the feature label Sep 18, 2019
@aggarwalpulkit596
Copy link
Contributor Author

@iamareebjamal do take a look for refreshtokenservice
i made a singleton class for that would that be okay?

@aggarwalpulkit596
Copy link
Contributor Author

@iamareebjamal one more thing to update the values of refresh token and access token throughout the application we need to have authholder dependency inside the tokenautheticator class

iamareebjamal
iamareebjamal reviewed Sep 18, 2019
View reviewed changes
app/src/main/java/org/fossasia/openevent/general/auth/RefreshTokenService.kt
.baseUrl(BuildConfig.DEFAULT_BASE_URL)
.build()
val api: AuthApi = retrofit.create(AuthApi::class.java)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make it like other classes with DI, and manually inject

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Manually inject this class into the TokenAutheticator?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iamareebjamal take a look and i also couldn't figure out a method to logout user in case if the refresh token is expired

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Delete the tokens

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh yes right 😅

@iamareebjamal
Copy link
Member

Travis is failing

aggarwalpulkit596
aggarwalpulkit596 commented Sep 18, 2019
View reviewed changes
app/src/fdroid/java/org/fossasia/openevent/general/auth/TokenAuthenticator.kt Outdated
.build()
}
} else {
response.request
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should i delete the token here itself ? This is the case if the existing refresh token is not valid anymore

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

@aggarwalpulkit596 aggarwalpulkit596 force-pushed the 2230 branch 3 times, most recently from 52a6cf2 to 3f25fc2 Compare September 18, 2019 18:52
nikit19
nikit19 reviewed Sep 19, 2019
View reviewed changes
Copy link
Member

@nikit19 nikit19 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Build is failing. Probably due to indentation

@aggarwalpulkit596
Copy link
Contributor Author

there is a failed dependency test @iamareebjamal can you please look

@iamareebjamal
Copy link
Member

Which means it'll crash on runtime. Run the app and debug

@aggarwalpulkit596
Copy link
Contributor Author

Okay means crashing for a specific case 😅 can you please tell how to manually expire jwt token

@iamareebjamal
Copy link
Member

iamareebjamal commented Sep 20, 2019
edited
Loading

You can't. What's the usecase

@aggarwalpulkit596
Copy link
Contributor Author

Then how do i check because refreshtokenservice dependancy is failing

@iamareebjamal
Copy link
Member

You have to break the circular dependency by manually injecting

@aggarwalpulkit596
Copy link
Contributor Author

@iamareebjamal sorry for the delay will finalize this today

@aggarwalpulkit596
Copy link
Contributor Author

@iamareebjamal i've completed this but is there any way I can manually check whether it is working or not?

@aggarwalpulkit596
Copy link
Contributor Author

Also what it TTL for the jwt token

@iamareebjamal
Copy link
Member

iamareebjamal commented Oct 28, 2019
edited
Loading

24 hours

30 minutes if using refresh tokens

@adityastic
Copy link
Contributor

@iamareebjamal can I take this up?

@iamareebjamal
Copy link
Member

Yes

@iamareebjamal iamareebjamal mentioned this pull request May 8, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iamareebjamal iamareebjamal iamareebjamal left review comments

@nikit19 nikit19 nikit19 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement refresh tokens authentication
4 participants
@aggarwalpulkit596 @iamareebjamal @adityastic @nikit19