Explain usage of refreshToken #22

Open
Bouni opened this issue Mar 18, 2022 · 2 comments
Bouni commented Mar 18, 2022

If I use the authToken mutation as explained in the README.
jwt_schema defines:

type TokenAuth {
    token: String
    refresh_token: String
    payload: GenericScalar
}

If I login, I receive this:

{
  "data": {
    "tokenAuth": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3NjE1Nzk3LCJvcmlnSWF0IjoxNjQ3NjEyMTk3fQ.j5BQ-KhQeqwJv0hjMTYDP2D4Py1uIKcJpPlSeCR8qmg",
      "refresh_token": null,
      "payload": null
    }
  }
}

refresh_token and payload are always null ....

In an attempt to refresh the token, I tried the refreshToken mutation and passed my current token, which worked and got me this response:

{
  "data": {
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3NjE1OTA0LCJvcmlnSWF0IjoxNjQ3NjEyMTk3fQ.hwH4EruJ_21_XjmEb42VPpgpuzprWr29654OG-C1ELE",
      "refresh_token": null,
      "payload": {
        "username": "admin",
        "exp": 1647615904,
        "origIat": 1647612197
      }
    }
  }
}

Again, refresh_token is null as well.

What's the idea behind those two? I expected to get a token and a refresh token as a result of the tokenAuth mutation and that I need to use the refresh token with the refreshToken mutation in order to receive a new pair of tokens!?

Can you please bring some light into this?

Also, I wonder how to log out a user? Simply delete the token on the client side?

@Usama0121
Owner

By default, you receive a token that is not stored in the DB and is used as a refresh token, as you have mentioned above.

The 2nd option is to enable the long-running refresh token in settings. After enabling that, you will receive a refreshToken in the tokenAuth mutation that is stored in the DB and can be revoked prematurely using the revokeToken mutation.

@Usama0121
Owner

Not getting a payload in tokenAuth is a bug and will be fixed in the next release.
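
Added example (not part of the original thread and not the project's code): decoding the two tokens posted above shows that the default refresh returned a new JWT with a later `exp` and the same `origIat`, and a hypothetical in-memory `RefreshTokenStore` sketches why a refresh token kept in the DB can be revoked, whereas a token that is not stored has no server-side record to revoke. The function and class names are assumptions made for illustration; the store stands in for the DB table.

```python
import base64, hashlib, json, secrets

# Tokens copied from the two responses in the issue above.
LOGIN_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3NjE1Nzk3LCJvcmlnSWF0IjoxNjQ3NjEyMTk3fQ.j5BQ-KhQeqwJv0hjMTYDP2D4Py1uIKcJpPlSeCR8qmg"
REFRESHED_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3NjE1OTA0LCJvcmlnSWF0IjoxNjQ3NjEyMTk3fQ.hwH4EruJ_21_XjmEb42VPpgpuzprWr29654OG-C1ELE"

def jwt_payload(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def compare_refresh(old: str, new: str) -> dict:
    """Report what a single-token refresh changed between two JWTs."""
    a, b = jwt_payload(old), jwt_payload(new)
    return {
        "same_origIat": a["origIat"] == b["origIat"],  # original login time kept
        "exp_moved_by": b["exp"] - a["exp"],           # seconds the expiry advanced
        "login_lifetime": a["exp"] - a["origIat"],     # seconds the first token lives
    }

class RefreshTokenStore:
    """Hypothetical in-memory stand-in for a DB table of long-running refresh tokens."""
    def __init__(self):
        self._rows = {}  # sha256(token) -> {"user": str, "revoked": bool}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()  # store a hash, not the token

    def issue(self, user: str) -> str:
        token = secrets.token_hex(20)
        self._rows[self._key(token)] = {"user": user, "revoked": False}
        return token

    def revoke(self, token: str) -> bool:
        row = self._rows.get(self._key(token))
        if row is None or row["revoked"]:
            return False
        row["revoked"] = True
        return True

    def redeem(self, token: str):
        """Return the user if the refresh token is known and not revoked, else None."""
        row = self._rows.get(self._key(token))
        return row["user"] if row and not row["revoked"] else None

if __name__ == "__main__":
    print(compare_refresh(LOGIN_TOKEN, REFRESHED_TOKEN))
```
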
