Title: Token is obsolete Last modified: September 23, 2021 --- # Token is obsolete * [gravoc](https://wordpress.org/support/users/gravoc/) * (@gravoc) * [4 years, 6 months ago](https://wordpress.org/support/topic/token-is-obsolete/) * I am using application passwords in conjunction with JWT Auth. I am able to auth against /token successfully. When I then attach the token as a Bearer token on subsequent calls, I receive a 403 jwt_auth_obsolete_token on the very first request but then get a 200 on following requests. I just get the obsolete message on the very first time using the token. Any ideas what would cause this? Viewing 6 replies - 1 through 6 (of 6 total) * [Salva Machi](https://wordpress.org/support/users/salvamb/) * (@salvamb) * [4 years, 6 months ago](https://wordpress.org/support/topic/token-is-obsolete/#post-14964943) * The same is happening to me since I updated to the latest JWT Auth version… * [chrisvd](https://wordpress.org/support/users/chrisvd/) * (@chrisvd) * [4 years, 6 months ago](https://wordpress.org/support/topic/token-is-obsolete/#post-14969375) * Also running into this problem. The reason is that the initial JWT token doesn’t contain the `pass` property. * The following line is the cause: * ``` $pass = ( empty( $pass ) ) ? $this->refresh_pass( $user->ID ) : $pass; ``` * The `$this->refresh_pass()` function doesn’t return the generated pass. This causes the initial token to always be invalid (obsolete). * As workaround, change the `refresh_pass` function like so: * ``` /** * Refresh the pass value in user meta. * * @param int $user_id The user id. * @return string The generated pass */ private function refresh_pass( $user_id ) { $pass = md5( uniqid( wp_rand(), true ) ); update_user_meta( $user_id, 'jwt_auth_pass', $pass ); return $pass; } ``` - This reply was modified 4 years, 6 months ago by [chrisvd](https://wordpress.org/support/users/chrisvd/). * [edouardflowasia](https://wordpress.org/support/users/edouardflowasia/) * (@edouardflowasia) * [4 years, 5 months ago](https://wordpress.org/support/topic/token-is-obsolete/#post-15029465) * Same issue after updating. Is there an update coming to fix this ? * [ideasandpixels](https://wordpress.org/support/users/ideasandpixels/) * (@ideasandpixels) * [4 years, 5 months ago](https://wordpress.org/support/topic/token-is-obsolete/#post-15048169) * This is happening to my eCommerce client. Having people generate a new token seems to fix it, but this has cost us tens of thousands of dollars. 🙁 * [Timo](https://wordpress.org/support/users/timothywp/) * (@timothywp) * [4 years, 4 months ago](https://wordpress.org/support/topic/token-is-obsolete/#post-15165359) * Same problem here! Just took me hours of searching/debugging till I found this thread. We really need a fix. 🙂 * [Timo](https://wordpress.org/support/users/timothywp/) * (@timothywp) * [4 years, 4 months ago](https://wordpress.org/support/topic/token-is-obsolete/#post-15166624) * Thanks to [@chrisvd](https://wordpress.org/support/users/chrisvd/) for the hotfix! It works that way until the plugin will fix it. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Token is obsolete’ is closed to new replies. * ![](https://ps.w.org/jwt-auth/assets/icon-256x256.png?rev=2298869) * [JWT Auth - WordPress JSON Web Token Authentication](https://wordpress.org/plugins/jwt-auth/) * [Frequently Asked Questions](https://wordpress.org/plugins/jwt-auth/#faq) * [Support Threads](https://wordpress.org/support/plugin/jwt-auth/) * [Active Topics](https://wordpress.org/support/plugin/jwt-auth/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/jwt-auth/unresolved/) * [Reviews](https://wordpress.org/support/plugin/jwt-auth/reviews/) * 6 replies * 6 participants * Last reply from: [Timo](https://wordpress.org/support/users/timothywp/) * Last activity: [4 years, 4 months ago](https://wordpress.org/support/topic/token-is-obsolete/#post-15166624) * Status: not resolved