/** * Check the token in the refresh flow context. * * @param array $payload * * @throws \Tymon\JWTAuth\Exceptions\TokenExpiredException * * @return bool */ protected function validateRefresh(array $payload) { if (isset($payload['iat']) && Utils::isPast($payload['iat'] + $this->refreshTTL * 60)) { throw new TokenExpiredException('Token has expired and can no longer be refreshed'); } return true; }