jwt刷新token时 JWTAuth::refresh($old_token) 报出异常The token has been blacklisted，这个是什么原因
...
public function refreshToken(Request $request){

    try {
        $old_token = JWTAuth::getToken();
        $token = JWTAuth::refresh($old_token);
        JWTAuth::invalidate($old_token);
    } catch (TokenExpiredException $e) {
        return response()->json(['token_expired'], $e->getStatusCode());
    } catch (JWTException $e) {
        return response()->json(['error' => 'could_not_create_token'], 500);
    }
    return response()->json(compact('token'));
}

...

是的，把post改成get能成功，post不行

用这个公众号的开发包https://github.com/overtrue/laravel-wechat

按照vue.js 2.0教程的《Vuejs 和 Laravel API 前后端分离》使用cors解决跨域问题，get请求能够正常，但post请求未能通过。

前端请求：

this.axios.post('http://xxx.xx/api/user/login', {
                            username: 'username',
                            pwd: 'pwd'
                        })
                        .then(function (response) {
                            console.log(response);
                        })
                        .catch(function (error) {
                            console.log(error);
                        });

后端路由：
api.php

Route::middleware('cors:api')->post('/user/login', function (Request $request) {
    return 'posttest';
});

VerifyCsrfToken.php $except中添加'/api/user/login'

错误提示：
XMLHttpRequest cannot load http://xxx.xx/api/user/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.