Refresh and Access tokens are not included in the Redis database #39
Comments
Hello @8thgencore, there is no need to load tokens into Redis all the time, just when a password is changed. Please check this diagram; it uses that logic: #14 (comment)
I agree, get_refresh_token is not the best name for that handler; please check this commit: 8846821. I do not think it is a good idea to update the refresh token. They should be created using user credentials.
It seems to me that the OAuth2PasswordBearer function is better used on the /login endpoint, and /new-refresh-token should be renamed to /refresh-token.
When we call this function:

```python
await add_token_to_redis(
    redis_client,
    user,
    access_token,
    TokenType.ACCESS,
    settings.ACCESS_TOKEN_EXPIRE_MINUTES,
)
```

the parameter settings.ACCESS_TOKEN_EXPIRE_MINUTES is passed as seconds, not minutes.
Hello @8thgencore, you are right, I made a mistake. You can find the bug solved here: 9f0f62f
In order to have a dedicated system for AuthN and AuthZ, I am planning to add https://github.com/yezz123/authx or https://github.com/fastapi-users/fastapi-users or Fief https://docs.fief.dev/self-hosting/quickstart/
Please tell me what this route is used for:

```python
@router.post("/access-token")
async def login_access_token(
    form_data: OAuth2PasswordRequestForm = Depends(),
    redis_client: Redis = Depends(get_redis_client),
) -> TokenRead:
```

if there is this route:

```python
@router.post("")
async def login(
    email: EmailStr = Body(...),
    password: str = Body(...),
    meta_data: IMetaGeneral = Depends(deps.get_general_meta),
    redis_client: Redis = Depends(get_redis_client),
) -> IPostResponseBase[Token]:
```
Keep working with it, eventually you will have the epiphany.
Hello @tweaker, the first one is connected with the OpenAPI documentation, so you are able to test APIs when you authorize. That is its main purpose; if you remove it you cannot use the OpenAPI documentation. The second one is a login API. Its purpose is to allow clients, like a web or mobile client, to authenticate using a POST method.
This should be closed |
During use, I noticed that refresh and access tokens do not get into the Redis database.
Try to connect and see what data is in the Redis database.
During authorization, after using the get_valid_tokens function, we get an empty set(), and that's why writing to Redis doesn't happen.
I don't understand why the function is called get_refresh_token if we get a new access token at the end.
It would be logical to update the refresh token too.
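The two behaviours this thread circles around, as an added example that is not the project's own code: tokens are only written to Redis when an allow-list for the user already exists (which the maintainer says is created on password change, and which is why get_valid_tokens returning an empty set() skips the write), and the set's TTL must be handed to EXPIRE in seconds rather than minutes. An in-memory stand-in replaces the Redis client so it runs offline; TokenType, ACCESS_TOKEN_EXPIRE_MINUTES, token_key, add_token_to_redis, get_valid_tokens and the on_login / on_password_change / is_token_allowed helpers are assumed names and bodies modelled on the identifiers quoted above, not the project's implementation.

```python
"""Token allow-list with minutes-to-seconds TTL conversion (illustrative).

Added example for this issue thread, not the project's code. InMemoryRedis
models only SADD, SMEMBERS, EXPIRE and DEL with a key-level TTL on a fake
clock; all other names are assumptions modelled on the thread.
"""
import asyncio
from datetime import timedelta
from enum import Enum


class TokenType(str, Enum):
    ACCESS = "access"
    REFRESH = "refresh"


ACCESS_TOKEN_EXPIRE_MINUTES = 15  # assumed setting value


class InMemoryRedis:
    """Stand-in for redis.asyncio.Redis; self.now is a fake clock in seconds."""

    def __init__(self):
        self._sets = {}     # key -> set of members
        self._expires = {}  # key -> absolute expiry on the fake clock
        self.now = 0.0

    def _evict(self, key):
        if key in self._expires and self._expires[key] <= self.now:
            self._sets.pop(key, None)
            self._expires.pop(key, None)

    async def sadd(self, key, *members):
        self._evict(key)
        self._sets.setdefault(key, set()).update(members)

    async def smembers(self, key):
        self._evict(key)
        return set(self._sets.get(key, ()))

    async def expire(self, key, seconds):
        self._evict(key)
        if key in self._sets:
            self._expires[key] = self.now + seconds

    async def delete(self, key):
        self._sets.pop(key, None)
        self._expires.pop(key, None)


def ttl_seconds(expire_minutes):
    # EXPIRE takes seconds; passing the minutes value unchanged (the bug in
    # the thread) would make a 15-minute allow-list vanish after 15 seconds.
    return int(timedelta(minutes=expire_minutes).total_seconds())


def token_key(user_id, token_type):
    return f"user:{user_id}:{token_type.value}"


async def get_valid_tokens(redis, user_id, token_type):
    return await redis.smembers(token_key(user_id, token_type))


async def add_token_to_redis(redis, user_id, token, token_type, expire_minutes):
    key = token_key(user_id, token_type)
    await redis.sadd(key, token)
    await redis.expire(key, ttl_seconds(expire_minutes))


async def on_login(redis, user_id, token):
    # Track the token only if an allow-list already exists; before any
    # password change the set is absent, so nothing is written (issue body).
    if await get_valid_tokens(redis, user_id, TokenType.ACCESS):
        await add_token_to_redis(redis, user_id, token, TokenType.ACCESS,
                                 ACCESS_TOKEN_EXPIRE_MINUTES)


async def on_password_change(redis, user_id, fresh_token):
    # Seed a fresh allow-list holding only the token issued with the new password.
    await redis.delete(token_key(user_id, TokenType.ACCESS))
    await add_token_to_redis(redis, user_id, fresh_token, TokenType.ACCESS,
                             ACCESS_TOKEN_EXPIRE_MINUTES)


async def is_token_allowed(redis, user_id, token):
    # No allow-list means nothing has been revoked yet: every signed token passes.
    valid = await get_valid_tokens(redis, user_id, TokenType.ACCESS)
    return not valid or token in valid


async def scenario():
    r, uid = InMemoryRedis(), 42
    await on_login(r, uid, "tokA")            # no set yet -> nothing written
    before = await get_valid_tokens(r, uid, TokenType.ACCESS)
    await on_password_change(r, uid, "tokB")  # set seeded; tokA is now stale
    await on_login(r, uid, "tokC")            # set exists -> tokC is tracked
    a_ok = await is_token_allowed(r, uid, "tokA")
    c_ok = await is_token_allowed(r, uid, "tokC")
    r.now += ACCESS_TOKEN_EXPIRE_MINUTES      # 15 s: the buggy TTL would be gone here
    at_15s = await get_valid_tokens(r, uid, TokenType.ACCESS)
    r.now += ttl_seconds(ACCESS_TOKEN_EXPIRE_MINUTES)
    at_15m = await get_valid_tokens(r, uid, TokenType.ACCESS)
    return {"before": before, "tokA": a_ok, "tokC": c_ok,
            "at_15s": at_15s, "at_15m": at_15m}


def run_scenario():
    return asyncio.run(scenario())
```

Two things the run makes visible: the write really is skipped until a password change seeds the set, and once the set's key expires the check falls back to "everything passes", so the TTL handed to EXPIRE must be at least the token lifetime (in seconds) or stale tokens are accepted again until their own expiry rejects them.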