Project Tags

None

Referenced Files

	F117695934: D5730.1774879958.diff
	Sun, Mar 29, 2:12 PM

	F117578874: D5730.1774861788.diff
	Sun, Mar 29, 9:09 AM

	F117438705: D5730.1774835099.diff
	Sun, Mar 29, 1:44 AM

	F117426852: D5730.1774831790.diff
	Sun, Mar 29, 12:49 AM

Subscribers

mollekopf

Restricted Project

Details

Reviewers

mollekopf

Group Reviewers

Restricted Project

Commits

rKeb9ce8833157: To refresh a token only a refresh token should be needed

Summary

With some small code cleanup in tests

Test Plan

./phpunit

Diff Detail

Repository

rK kolab

Branch

dev/token-refresh-fix

Lint

Lint Skipped

Unit

No Test Coverage

Build Status

Buildable 55986
Build 19851: arc lint + arc unit

Event Timeline

machniak requested review of this revision.Nov 27 2025, 8:01 AM

machniak created this revision.

Harbormaster completed remote builds in B55983: Diff 16401.Nov 27 2025, 8:01 AM

A nicer way to get user id from a newly generated token

Harbormaster completed remote builds in B55986: Diff 16404.Nov 27 2025, 1:50 PM

Simplify code even more

Harbormaster completed remote builds in B55989: Diff 16407.Nov 28 2025, 9:22 AM

Looks tidy =) A clarification on the user retrieval magic would help, otherwise that seems good to go.

src/app/Http/Controllers/API/AuthController.php
193	I don't really follow why this->guard()->user() doesn't work here (maybe because this is called with the refresh token instead of the user token?), and retrieving it via event listener does look surpristing, so a clarifying comment might help: e.g. The token refresh is using a refresh token instead of an access toke, in which case this->guard()->user() doesn't work. We listen for the newly refreshed token, so we can resolve the user that is then used to directly return user-info in this request.

Improved comment

Harbormaster completed remote builds in B55992: Diff 16410.Nov 28 2025, 1:10 PM

mollekopf accepted this revision.Nov 28 2025, 1:30 PM

This revision is now accepted and ready to land.Nov 28 2025, 1:30 PM

Closed by commit rKeb9ce8833157: To refresh a token only a refresh token should be needed. · Explain WhyNov 28 2025, 1:45 PM

This revision was automatically updated to reflect the committed changes.

machniak added a commit: rKeb9ce8833157: To refresh a token only a refresh token should be needed.

To refresh a token only a refresh token should be needed
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 16404

src/app/Http/Controllers/API/AuthController.php

src/app/Http/Resources/AuthResource.php

src/app/Providers/PassportServiceProvider.php

src/resources/js/app.js

src/resources/vue/App.vue

src/routes/api.php

src/tests/Feature/Controller/AuthTest.php

To refresh a token only a refresh token should be neededClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 16404

src/app/Http/Controllers/API/AuthController.php

src/app/Http/Resources/AuthResource.php

src/app/Providers/PassportServiceProvider.php

src/resources/js/app.js

src/resources/vue/App.vue

src/routes/api.php

src/tests/Feature/Controller/AuthTest.php

To refresh a token only a refresh token should be needed
ClosedPublic
Actions

Revision Contents
Changeset List