I'm currently trying to implement the refresh token functionality, but I always get the error:

Credentials are not provided

The request is made using axios with withCredentials: true enabled in the options.

Here's the code for the server:

@router.post(
    "/refresh",
)
async def refresh_token(
    response: Response,
    credentials: JwtAuthorizationCredentials = Security(refresh_security),
    db: Session = Depends(get_db),
):
    logger.info("Request: Refresh -> New Request to refresh JWT token.")

    user = get_user_by_id(db, credentials["id"])

    logger.info("Request: Refresh -> Returning new credentials.")

    set_authentication_cookies(response, user)

    return {
        "user": user,
        "detail": "Token refreshed successfully!"
    }

Changes:

1. Remove the version upper-limit for Python, fastapi, and python-jose
2. Add Python 3.10 to the Test workflow
   • testing against 3.10 is passing

Cheers! Kyle

Hi @k4black ,

FYI:this is just a proposal and not complete PR. If you agree, i will enrich the PR

Proposal: I would like to propose to add custom message as a param when creating a bearer token and refresh token. i have a use case where i need to pass different languages as message.

"credentials: JwtAuthorizationCredentials = Security(refresh_security)" allows only the refresh token. "credentials: JwtAuthorizationCredentials = Security(access_security)" allows both the access token and the refresh token. did you intend this?

class JwtAccess(JwtAuthBase):

def __init__(
    self,
    secret_key: str,
    places: Optional[Set[str]] = None,
    auto_error: bool = True,
    algorithm: str = jwt.ALGORITHMS.HS256,
    access_expires_delta: Optional[timedelta] = None,
    refresh_expires_delta: Optional[timedelta] = None,
):
    super().__init__(
        secret_key,
        places=places,
        auto_error=auto_error,
        algorithm=algorithm,
        access_expires_delta=access_expires_delta,
        refresh_expires_delta=refresh_expires_delta,
    )

async def _get_credentials(
    self,
    bearer: Optional[JwtAuthBase.JwtAccessBearer],
    cookie: Optional[JwtAuthBase.JwtAccessCookie],
) -> Optional[JwtAuthorizationCredentials]:
    payload = await self._get_payload(bearer, cookie)

    if payload:
        return JwtAuthorizationCredentials(
            payload["subject"], payload.get("jti", None)
        )
    return None

class JwtRefresh(JwtAuthBase):

def __init__(
    self,
    secret_key: str,
    places: Optional[Set[str]] = None,
    auto_error: bool = True,
    algorithm: str = jwt.ALGORITHMS.HS256,
    access_expires_delta: Optional[timedelta] = None,
    refresh_expires_delta: Optional[timedelta] = None,
):
    super().__init__(
        secret_key,
        places=places,
        auto_error=auto_error,
        algorithm=algorithm,
        access_expires_delta=access_expires_delta,
        refresh_expires_delta=refresh_expires_delta,
    )

async def _get_credentials(
    self,
    bearer: Optional[JwtAuthBase.JwtRefreshBearer],
    cookie: Optional[JwtAuthBase.JwtRefreshCookie],
) -> Optional[JwtAuthorizationCredentials]:
    payload = await self._get_payload(bearer, cookie)

    if payload is None:
        return None

    if "type" not in payload or payload["type"] != "refresh":
        if self.auto_error:
            raise HTTPException(
                status_code=HTTP_401_UNAUTHORIZED,
                detail="Wrong token: 'type' is not 'refresh'",
            )
        else:
            return None

    return JwtAuthorizationCredentials(
        payload["subject"], payload.get("jti", None)
    )

Im unable to install this project in my python 3.10 project, as you have pinned >=3.7,<3.10 in setup.cfg

I think this code will probably run with 3.10

I am looking for a fast api jwt extension that is still maintained. Looks like this repo was created to replace poorly maintained fastapi-jwt-auth but you have PRs opened for 3 months...