• I am using application passwords in conjunction with JWT Auth. I am able to auth against /token successfully. When I then attach the token as a Bearer token on subsequent calls, I receive a 403 jwt_auth_obsolete_token on the very first request but then get a 200 on following requests. I just get the obsolete message on the very first time using the token. Any ideas what would cause this?

Viewing 6 replies - 1 through 6 (of 6 total)
  • The same is happening to me since I updated to the latest JWT Auth version…

    Also running into this problem. The reason is that the initial JWT token doesn’t contain the pass property.

    The following line is the cause:

    
    $pass = ( empty( $pass ) ) ? $this->refresh_pass( $user->ID ) : $pass;
    

    The $this->refresh_pass() function doesn’t return the generated pass. This causes the initial token to always be invalid (obsolete).

    As a workaround, change the refresh_pass function like so:

    
    /**
     * Refresh the pass value in user meta.
     *
     * @param int $user_id The user id.
     * @return string The generated pass
     */
    private function refresh_pass( $user_id ) {
        $pass = md5( uniqid( wp_rand(), true ) );
    
        update_user_meta( $user_id, 'jwt_auth_pass', $pass );
    
        return $pass;
    }
    
    • This reply was modified 3 years, 1 month ago by chrisvd.
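
Added example, not part of the thread or the plugin's code: a simplified PHP model of the behaviour described in the reply above, running the original `refresh_pass` beside the workaround. `PassStore`, `issue_token`, `validate_token`, the unsigned array standing in for the JWT payload, `mt_rand()` standing in for `wp_rand()`, and the rule that a token is obsolete when its pass differs from the stored one are all assumptions made for illustration.

```php
<?php
// Stand-in for WordPress user meta (assumption, keeps the script self-contained).
class PassStore {
    public array $meta = [];
}

// Behaviour described in the thread: the pass is stored but not returned.
function refresh_pass_buggy( PassStore $s, int $user_id ) {
    $s->meta[ $user_id ] = md5( uniqid( (string) mt_rand(), true ) );
}

// Workaround from the thread: store the pass and return it.
function refresh_pass_fixed( PassStore $s, int $user_id ): string {
    $pass = md5( uniqid( (string) mt_rand(), true ) );
    $s->meta[ $user_id ] = $pass;
    return $pass;
}

// Hypothetical issuance step built around the line quoted in the thread:
// reuse the stored pass, or generate one the first time a token is requested.
function issue_token( PassStore $s, int $user_id, callable $refresh ): array {
    $pass = $s->meta[ $user_id ] ?? '';
    $pass = ( empty( $pass ) ) ? $refresh( $s, $user_id ) : $pass;
    return [ 'user' => [ 'id' => $user_id, 'pass' => $pass ] ];
}

// Assumed validation rule: the pass claim must equal the stored pass.
function validate_token( PassStore $s, array $token ): string {
    $stored = $s->meta[ $token['user']['id'] ] ?? '';
    return ( $token['user']['pass'] === $stored )
        ? '200 OK'
        : '403 jwt_auth_obsolete_token';
}

foreach ( [ 'refresh_pass_buggy', 'refresh_pass_fixed' ] as $refresh ) {
    $store  = new PassStore();
    $first  = issue_token( $store, 1, $refresh ); // no pass stored yet
    $second = issue_token( $store, 1, $refresh ); // pass already stored
    printf(
        "%s: first token => %s, second token => %s\n",
        $refresh,
        validate_token( $store, $first ),
        validate_token( $store, $second )
    );
}
```

With the original function the first token carries a null pass and is rejected while a newly issued token validates; with the workaround both tokens validate.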
    edouardflowasia

    (@edouardflowasia)

    Same issue after updating. Is there an update coming to fix this?

    ideasandpixels

    (@ideasandpixels)

    This is happening to my eCommerce client. Having people generate a new token seems to fix it, but this has cost us tens of thousands of dollars.

    Same problem here! Just took me hours of searching/debugging till I found this thread.
    We really need a fix.

    Thanks to @chrisvd for the hotfix!
    It works that way until the plugin fixes it.

  • The topic ‘Token is obsolete’ is closed to new replies.