Cakephp 3.6.x: JWT/Admad refresh token raised exception


I’m developed an API with cake by using REST. From m app, I authenticate user with a json web token by using the plugin JWT/ADmad.

Everything works fine if I log in and log out. But when I need to refresh the token, it’s not working. An exception is raised as “expired token”. I found no way to debug or to intercept the expired token and be able to refresh the token.

I tried by using two tokens as mentioned but even if I send the refresh token to check if it’s still valid from cake, it raised an exception: Expired token.

I can do nothing more, no debbug, no error log, … except Expired token. I checked the plugin code the exception should right. Does someone got this issue before ?

So I’m wondering how to refresh the token if this one is expired…I don’t find any example, so if someone have an idea on how to solve this with cake ?

Thanks :wink:

Once a token expires nothing can be done. You aren’t supposed to intercept it.

The plugin itself has no mechanism for token refresh.

So either use single lived tokens and when it expires make the client send request for new token by submitting his login/password again.

If you are using 2 tokens then instead of login/password the client would submit it’s long lived token for authentication.

Thanks @ADmad. Oki, you confirm my last thoughts…

Let’s check the way with a refresh token. :wink:


I have implemented admad JWT plugin. I’m facing problem to customise API url
I have this URL : http://localhost/api/users/token.json

wants to change above url to this url : http://localhost/api/token
I also tried http://localhost/api/users/token
It gives me an error that “the requested address
‘/api/users/token’ was not found on this server.”

How can I customise this?

What, specifically, did you do to try what you tried?