I have built an API with Laravel (5.3.30) and the package Dingo (1.0.0-beta8). For authentication I am using JWT-Auth (^0.5.12). JWT-Auth comes with a middleware to enable "Token Refreshing" out of the box.
Once you log in you get a token. When you use it to make a new request, the token is blacklisted, but with the expected response comes a new token (it's in the response's headers) so you can use it to keep making new requests, "recycling" the token.
Now let's suppose that I have an endpoint to create a new Post. This endpoint has two possible ways.
The first one, you send all the params required by the backend to create the Post, so it's created and a 200 response is returned with the created Post.
The second possible way, you DO NOT send all the required params so a 422 Unprocessable Entity response is returned BUT without a new token to make the next request.
I don't know if this is a bug or this is an expected behaviour (this is my first time building an API for a real project). If this is the expected behaviour how should I handle these situations?
All my code related to this is the route using the middleware:
$api->post('posts', ['middleware' => ['api.auth', 'jwt.refresh'], 'uses' => 'App\Http\Controllers\PostController@store']);
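A framework-free model of the single-use token rotation described in the question, added as an example; it is not part of the original post and is not code from JWT-Auth or Dingo. It assumes the 422 is raised as an exception that skips the middleware's header step, and `TokenStore`, `storePost`, `refreshAfter` and `refreshAlways` are hypothetical names.

```php
<?php
// Added model. Opaque random strings stand in for JWTs (signature and expiry
// checks are omitted); every name is hypothetical. Needs PHP 7+ (random_bytes).
class ValidationFailed extends Exception {}

class TokenStore {
    private $blacklist = [];
    public function issue() { return bin2hex(random_bytes(16)); }
    // Single use: blacklist the presented token and return its successor.
    public function rotate($token) {
        if (isset($this->blacklist[$token])) {
            throw new RuntimeException('token blacklisted');
        }
        $this->blacklist[$token] = true;
        return $this->issue();
    }
}

// Constructed controller: missing params surface as an exception.
function storePost(array $input) {
    if (empty($input['title'])) {
        throw new ValidationFailed('title is required');
    }
    return ['status' => 200, 'headers' => [], 'body' => $input];
}

// Variant A: the header is added only when the controller returns normally.
function refreshAfter(TokenStore $store, $token, array $input) {
    $response = storePost($input); // an exception skips the next line
    $response['headers']['Authorization'] = 'Bearer ' . $store->rotate($token);
    return $response;
}

// Variant B: rotate first and attach the successor to the 422 as well.
function refreshAlways(TokenStore $store, $token, array $input) {
    $next = $store->rotate($token);
    try {
        $response = storePost($input);
    } catch (ValidationFailed $e) {
        $response = ['status' => 422, 'headers' => [], 'body' => $e->getMessage()];
    }
    $response['headers']['Authorization'] = 'Bearer ' . $next;
    return $response;
}

$store = new TokenStore();
foreach (['refreshAfter', 'refreshAlways'] as $mw) {
    try {
        $r = $mw($store, $store->issue(), []); // constructed request with no params
    } catch (ValidationFailed $e) {            // stands in for the framework's handler
        $r = ['status' => 422, 'headers' => []];
    }
    $sent = isset($r['headers']['Authorization']) ? 'yes' : 'no';
    printf("%s: HTTP %d, new token in response: %s\n", $mw, $r['status'], $sent);
}
```

In variant A the presented token is never rotated on the error path, so within this model it is still accepted on the retry.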