1

I'm trying to get a new access token sending a post request to server. I'm using postman to send the refresh token and the function that handles this is bellow this paragraph. The server response is E_INVALID_JWT_REFRESH_TOKEN

async refresh({
    request,
    response,
    auth
  }) {
     try {
      const refresh_token = request.input('refresh_token')
      const decrypted = Encryption.decrypt(refresh_token)
      console.log(decrypted)
      const token = await auth.generateForRefreshToken(refresh_token, true)
      console.log('Token is',token)
      return response.status(200).json(token)
     } catch (error) {
       return response.status(401).json(error)
     }
  }

As you can see, I decrypted the token and it's ok. Also check the database and is ok.

Apparently I'm not the only one that have this error and an issue is closed in GitHub

UPDATE:

This is my config/auth.js

jwt: {
    serializer: 'LucidMongo',
    model: 'App/Models/User',
    scheme: 'jwt',
    uid: 'email',
    password: 'password',
    options: {
      secret: Env.get('APP_KEY'),
      expiresIn: '60m',
    }
  },
Golinmarq
  • 458
  • 9
  • 22
  • Can you share a sample project so I can reproduce the problem? (with config, ...) – crbast Mar 02 '20 at 06:46
  • 1
    @CrBast is a complex project but, The simple way to see it is that a send a POST request to the route /auth/refresh - with the variable refresh_token on the body - that calls the method `refresh()` from the AuthController – Golinmarq Mar 02 '20 at 13:20

2 Answers2

1

The + character is problematic. Errors with this character are common on query string.

If you log the result of refresh_token you might notice that the + character is replaced by a space.

Solutions

1. You can use libraries to convert request to a queryString

Example with query-string:

var query = queryString.stringify({
  refresh_token:
    "74f7c7e26621d231feb39c4a9c6a76bajOKUVX+J3LG/f4hJQzy3+hgL+p2w0VkRRw6xT/NnVxUofjh/zRVJJyuwGEfoCL+l"
});

Ouput (query):

refresh_token=74f7c7e26621d231feb39c4a9c6a76bajOKUVX%2BJ3LG%2Ff4hJQzy3%2BhgL%2Bp2w0VkRRw6xT%2FNnVxUofjh%2FzRVJJyuwGEfoCL%2Bl

2. You can use Request Body

https://en.wikipedia.org/wiki/HTTP_message_body

With this method, there is no need to convert the text

The best solution will depend on your needs.

Interesting links

How to include special characters in query strings

Plus sign in query string

HTTP GET with request body

crbast
  • 1,750
  • 1
  • 7
  • 16
  • 1
    Thanks! I found a similar answer before so in my case I make a POST request and send the `refresh_token` through the request body. Do you think I have to apply this solution too? – Golinmarq Mar 04 '20 at 21:51
  • You're welcome. Your solution is good. You can use both possibilities. It depends on your use. – crbast Mar 05 '20 at 06:36
  • I added your solution to my answer. Can you tell me if there are any changes to be made? – crbast Mar 05 '20 at 06:52
  • 1
    I tried to add this but it gives me the same error. I decrypted the token because I suspected that probably the problem was with the token and it's ok. Now, I don't know what to do – Golinmarq Mar 05 '20 at 17:30
  • Can you share your `config/auth.js`? Or you can also create an issue on github (https://github.com/adonisjs/adonis-auth) with a test project to reproduce the problem. – crbast Mar 05 '20 at 18:11
  • 1
    Done, I added my `config/auth.js` file – Golinmarq Mar 05 '20 at 22:13
0

That is depends on consensus of the character encoding between client and server you are apply.

eg:

Client:

encrypted = toUTF8(Encryption.encrypt(token));

Server:

decrypted = Encryption.decrypt(fromUTF8(refresh_token))
OO7
  • 565
  • 2
  • 9
  • encryptedUTF8 = CryptoJS.enc.Utf8.stringify(encryptedText); CryptoJS lib: https://www.npmjs.com/package/crypto-js. Or: function Utf8(text) { if (/u0080-\uFFFF/.test(text)) text = unescape(encodeURIComponent(text)); return text; } – OO7 Mar 05 '20 at 19:10