Token is obsolete
-
I am using application passwords in conjunction with JWT Auth. I am able to auth against /token successfully. When I then attach the token as a Bearer token on subsequent calls, I receive a 403 jwt_auth_obsolete_token on the very first request but then get a 200 on following requests. I just get the obsolete message on the very first time using the token. Any ideas what would cause this?
-
Also running into this problem. The reason is that the initial JWT token doesn’t contain the
passproperty.The following line is the cause:
$pass = ( empty( $pass ) ) ? $this->refresh_pass( $user->ID ) : $pass;The
$this->refresh_pass()function doesn’t return the generated pass. This causes the initial token to always be invalid (obsolete).As workaround, change the
refresh_passfunction like so:/** * Refresh the pass value in user meta. * * @param int $user_id The user id. * @return string The generated pass */ private function refresh_pass( $user_id ) { $pass = md5( uniqid( wp_rand(), true ) ); update_user_meta( $user_id, 'jwt_auth_pass', $pass ); return $pass; }
The topic ‘Token is obsolete’ is closed to new replies.
