Refresh Token Issue

[wuuuduu]

RefreshAuthTokenSerializer has bug in validate method.
In situation if token is expired, but still could be refreshed it returns an error saying "Token is expired", but is should not raise this error.

As I see, we are calling payload = _check_payload(token=token) which is responsible for raising this error.

One of many ways to fix it:

file loc: rest_framework_jwt.serializers._check_payload

def _check_payload(token):
      try:
          payload = JSONWebTokenAuthentication.jwt_decode_token(token)

=>

def _check_payload(token, *args, **kwargs):
      try:
          payload = JSONWebTokenAuthentication.jwt_decode_token(token, *args, **kwargs)

---

file loc:  rest_framework_jwt.serializers.RefreshAuthTokenSerializer.validate

payload = _check_payload(token=token)

=>

payload = _check_payload(token=token, check_jwt_verify_expiration=False)

---

file loc: rest_framework_jwt.utils.jwt_decode_token

def jwt_decode_token(token):
  options = {
        'verify_exp': api_settings.JWT_VERIFY_EXPIRATION,
     }

=>

def jwt_decode_token(token, check_jwt_verify_expiration=True):
  options = {
        'verify_exp': api_settings.JWT_VERIFY_EXPIRATION and check_jwt_verify_expiration,
     }

[wuuuduu]

and I think we should introduce new setting which will tell if app should rotate refresh token.

For now, we are not rotating token, because: new_payload['orig_iat'] = orig_iat <- which won't change life time of refresh token
we could do something like this:
file: rest_framework_jwt.serializers.RefreshAuthTokenSerializer.validate

if api_settings.ROTATE_REFRESH_TOKEN **is False**:
   `new_payload['orig_iat'] = orig_iat`