Refresh token in header as "Authorization: Bearer" for refresh method

[UtopiaBe]

Is your feature request related to a problem? Please describe.

Some backend servers require the refresh_token to be passed as: "Authorization: Bearer " header.

Describe the solution you'd like to see

Create an option to pass the refresh_token as "Authorization: Bearer " for Refresh method.

[bmulholland]

What backend servers require this? Does this mean the server doesn't have an access token?

[UtopiaBe]

FastAPI JWT Auth,
Flask JWT Extended.

I mean, they require the "refreshed token" to be placed in the "Authorization: Bearer" header.

[Merton]

+1 for this feature please

https://flask-jwt-extended.readthedocs.io/en/stable/refreshing_tokens/#explicit-refreshing-with-refresh-tokens

[hamedf62]

FastAPI JWT Auth, Flask JWT Extended.

I mean, they require the "refreshed token" to be placed in the "Authorization: Bearer" header.

i have same problem.

flask JWT require FreshToken as Bearer in header
but Nuxt Auth module cant send Refresh Token as header. please help.
how can i develop Custom Scheme for this problem?

[UtopiaBe]

FastAPI JWT Auth, Flask JWT Extended.
I mean, they require the "refreshed token" to be placed in the "Authorization: Bearer" header.

i have same problem.

flask JWT require FreshToken as Bearer in header but Nuxt Auth module cant send Refresh Token as header. please help. how can i develop Custom Scheme for this problem?

Hey, i have solved this issue by getting the refresh token by get_raw_jwt() function.
here is my code:

Nuxt js logout function:

async logout() {
  await this.$axios.$post('/api/auth/logout/refresh', 
    { refresh_token: this.$auth.strategy.refreshToken.get() }
   )
  await this.$auth.logout()
}

FastAP refresh invoke function:

@router.post(
    "/logout/refresh",
    response_model=schemas.Revoke,
)
def refresh_revoke(
    refresh_token: schemas.Refresh,
    Authorize: MyAuthJWT = Depends()
) -> JSONResponse:

Authorize.jwt_required()
jti = Authorize.get_raw_jwt(refresh_token.refresh_token)['jti']
denylist.setex(jti, settings.AUTHJWT_ACCESS_TOKEN_EXPIRES, 'true')

return dict(detail="Refresh token has been revoked")

FastAPI access invoke function:

@router.delete(
    "/logout/access",
    response_model=schemas.Revoke,
)
def access_revoke(
    Authorize: MyAuthJWT = Depends()
) -> JSONResponse:

Authorize.jwt_required()
jti = Authorize.get_raw_jwt()['jti']
denylist.setex(jti, settings.AUTHJWT_REFRESH_TOKEN_EXPIRES, 'true')

return dict(detail="Access token has been revoked")

[marr]

I am also having this issue. My IDP requires a valid token for the /refresh endpoint. It can be a refresh or an access token. If I use the tokenRequired setting, the access token thats sent is already expired. So I'd either need to:

1. send the refresh token in as a bearer token in the header. (I also need the data to be sent in the payload.. weird api)
2. refresh the token earlier. Not sure how feasible this since there is no polling that I know of, so we'd likely be getting unauthorized requests to refresh unless we do: 1) above.