I'm using Django Simple JWT to implement user authentication. I have made a few adjustments so that the access token and refresh token are sent as HTTP-only cookies, and everything works well.

On the frontend I have implemented persistent login, which keeps the user logged in when they refresh the page, close the browser, etc.
But since I have enabled these settings:

```python
"ROTATE_REFRESH_TOKENS": True,
"BLACKLIST_AFTER_ROTATION": True,
```
if the user refreshes the page multiple times in a very short time, it can happen that a token is blacklisted before the user has received the new refresh token.
Is there a way to fix that?

One possible fix, though I'm not sure of its reliability, is disabling the automatic blacklisting and waiting for the frontend to send a request once it has received the new refresh token, with the old refresh token in the request body, like this:

```python
from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework_simplejwt import tokens


@api_view(['POST'])
def blacklist_token(request):
    # The frontend posts the *old* refresh token after it has stored the new one.
    refreshToken = request.data.get("refresh")
    print(refreshToken)  # debug output
    if refreshToken:
        # Parse the old token and add it to the blacklist (requires the
        # token_blacklist app to be installed).
        token = tokens.RefreshToken(refreshToken)
        token.blacklist()
    return Response(status=status.HTTP_200_OK)
```
PS: Using React.js on the frontend
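For anyone hitting the same race, the following is an added illustration of the usual server-side alternative to deferred blacklisting: rotation with a short grace window plus reuse detection. It is not the question's code and not Simple JWT's implementation, but a self-contained model of the idea: a refresh token can be presented again for a few seconds after it was rotated and gets the same successor back (so two page loads racing each other both end up with a valid cookie), while a presentation after the window is treated as token theft and revokes the whole token family. `GRACE_SECONDS`, the `RefreshTokenStore` class and the injectable clock are assumptions chosen for the example.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

# Assumption for this example: how long a just-rotated token is still honoured.
# Long enough to cover a burst of page reloads, short enough that a stolen
# old token is almost useless.
GRACE_SECONDS = 10.0


@dataclass
class Record:
    family: str                     # every token descending from one login shares a family id
    successor: Optional[str] = None  # token issued when this one was rotated
    rotated_at: Optional[float] = None


class RefreshTokenStore:
    """In-memory model of refresh-token rotation with a grace window (example code)."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._tokens: Dict[str, Record] = {}
        self._revoked_families: Set[str] = set()

    def issue(self) -> str:
        """Issue the first refresh token of a new family (i.e. at login)."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = Record(family=secrets.token_hex(8))
        return token

    def refresh(self, presented: str) -> str:
        """Rotate `presented` and return the token the client should store next."""
        rec = self._tokens.get(presented)
        if rec is None:
            raise PermissionError("unknown refresh token")
        if rec.family in self._revoked_families:
            raise PermissionError("session revoked")
        now = self._clock()

        if rec.successor is None:
            # First presentation: rotate, remember when, and hand out the successor.
            new = secrets.token_urlsafe(32)
            self._tokens[new] = Record(family=rec.family)
            rec.successor, rec.rotated_at = new, now
            return new

        if now - rec.rotated_at <= GRACE_SECONDS:
            # Duplicate presentation in flight (e.g. the page was reloaded twice):
            # do not fail it, return the newest token in the chain instead.
            tip = rec.successor
            while self._tokens[tip].successor is not None:
                tip = self._tokens[tip].successor
            return tip

        # Presentation of an already-rotated token after the window looks like
        # theft: revoke every token descended from the same login.
        self._revoked_families.add(rec.family)
        raise PermissionError("refresh token reuse detected; session revoked")


def try_refresh(store: RefreshTokenStore, token: str) -> Optional[str]:
    """Return the new token, or None if the store rejected the presented one."""
    try:
        return store.refresh(token)
    except PermissionError:
        return None


if __name__ == "__main__":
    # Constructed walk-through with a fake clock so the window is deterministic.
    clock = [1_000.0]
    store = RefreshTokenStore(clock=lambda: clock[0])
    a = store.issue()
    b = store.refresh(a)            # first reload rotates a -> b
    print("second reload with a inside grace ->", store.refresh(a) == b)
    clock[0] += GRACE_SECONDS + 1
    print("a after the window ->", try_refresh(store, a))   # None, family revoked
    print("b after reuse detected ->", try_refresh(store, b))  # None as well
```

Applied to the question's setup, the equivalent is to keep `ROTATE_REFRESH_TOKENS` on but delay blacklisting the old token by a few seconds rather than leaving it to the frontend, so that the duplicate request from a second reload still succeeds while the window for replaying a captured cookie stays small.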