magic-admin-js

Token expires after a brief amount of time

Open heymartinadams opened this issue 3 years ago • 1 comments

✅ Prerequisites

  • [x] Did you perform a cursory search of open issues? Is this bug already reported elsewhere?
  • [x] Are you running the latest SDK version?
  • [x] Are you reporting to the correct repository (@magic-sdk/admin)?

๐Ÿ› Description

After signing in and performing various operations (on localhost), I get a notification that the DID Token has expired, usually around 10 - 30 minutes after having signed in.

The exception is thrown by await magic.token.validate(token).

🤔 Expected behavior

I expect await magic.token.validate(token) to validate the token and not expire it so quickly.

😮 Actual behavior

MagicAdminSDKError: Magic Admin SDK Error: [ERROR_DIDT_EXPIRED] DID Token has expired. Request failed authentication.
    at new MagicAdminSDKError (/Users/martinadams/Apps/Ecstatic/ecstatic/node_modules/@magic-sdk/admin/dist/core/sdk-exceptions.js:22:28)
    at Object.createTokenExpiredError (/Users/martinadams/Apps/Ecstatic/ecstatic/node_modules/@magic-sdk/admin/dist/core/sdk-exceptions.js:34:12)
    at TokenModule.validate (/Users/martinadams/Apps/Ecstatic/ecstatic/node_modules/@magic-sdk/admin/dist/modules/token/index.js:78:36)
    at ApisUtilsAuthGetMetadata (webpack-internal:///(api)/./apis/utils/auth/getMetadata.js:17:27)
    at ApisUtilsAuthVerify (webpack-internal:///(api)/./apis/utils/auth/verify.js:20:134)
    at PagesApiEventGet (webpack-internal:///(api)/./pages/api/event/get/index.js:17:120)
    at Object.apiResolver (/Users/martinadams/Apps/Ecstatic/ecstatic/node_modules/next/dist/server/api-utils/node.js:182:15)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async DevServer.runApi (/Users/martinadams/Apps/Ecstatic/ecstatic/node_modules/next/dist/server/next-server.js:386:9) {
  code: 'ERROR_DIDT_EXPIRED',
  data: []
}

💻 Code Sample

Here’s my auth function:

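import { Magic } from '@magic-sdk/admin'

const magic = new Magic(process.env.MAGIC)

// Function name taken from the stack trace above; the token parameter is assumed
const ApisUtilsAuthGetMetadata = async token => {
  try {
    // Throws ERROR_DIDT_EXPIRED once the DID token's lifespan has elapsed
    await magic.token.validate(token)
    const metadata = await magic.users.getMetadataByToken(token)
    return { data: metadata }
  } catch (err) {
    console.error(err)
    // Runs on any failure, including plain token expiry
    await magic.users.logoutByToken(token)
    return { error: err }
  }
}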

🌎 Environment

Software Version(s)
@magic-sdk/admin 1.3.4
Node 17.4.0
yarn 1.22.17
Operating System macOS 12.2.1

heymartinadams, Feb 17 '22 21:02

// lifespan is given in seconds: 604800 s = 7 days
const MAGIC_TOKEN_LIFESPAN = 604800;

magic.user.getIdToken({ lifespan: MAGIC_TOKEN_LIFESPAN });

This is the max amount of time, which is 7 days. In which case you should log the user out of the application and make them log in again.

A bigger issue is that magic.user.isLoggedIn() returns true even when the token is expired, so you need to use the admin package to check it on a backend API server.

bmeeder22, Jul 08 '22 19:07

@heymartinadams Thank you for reporting this. @bmeeder22 is correct here in that you may generate an ID token with a longer lifespan. Please note that the default lifespan of the DIDToken returned from the login method will be 15 minutes, so your observed behavior is expected.

@bmeeder22 magic.user.isLoggedIn() will check if the user has a valid session, and the default session length is 7 days. The minimum session length is also 7 days.

am-hernandez, Feb 08 '23 15:02

@bmeeder22 Linking our FAQ that explains the differences between session and DID token that you should find useful: https://magic.link/docs/auth/introduction/faq#sessions-and-tokens

am-hernandez, Feb 08 '23 16:02
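Added example, not part of the thread and not Magic's own code: a diagnostic that reads a DID token's lifetime claims to show why a token with the default 15-minute lifespan fails validation while the 7-day session is still alive, plus one possible policy for handling `ERROR_DIDT_EXPIRED` separately from other failures. It assumes the token is base64-encoded JSON of `[proof, claim]` with `iat` and `ext` in seconds; `inspectDidToken`, `classifyAuthError` and `makeSampleToken` are hypothetical names, and no signature is checked here.

```javascript
// Diagnostic only: reads the claim without verifying the proof.
// Trust decisions still belong to magic.token.validate() on the server.
// Assumed layout: base64(JSON.stringify([proof, claim])), claim is a JSON string.
function inspectDidToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  let claim;
  try {
    const [proof, rawClaim] = JSON.parse(Buffer.from(token, 'base64').toString('utf8'));
    if (typeof proof !== 'string' || typeof rawClaim !== 'string') throw new Error('shape');
    claim = JSON.parse(rawClaim);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!claim || !Number.isInteger(claim.iat) || !Number.isInteger(claim.ext)) {
    return { ok: false, reason: 'malformed' };
  }
  const lifespan = claim.ext - claim.iat;   // 900 s for the default token
  const remaining = claim.ext - nowSeconds; // <= 0 means the token is past ext
  return remaining > 0
    ? { ok: true, reason: 'valid-window', lifespan, remaining }
    : { ok: false, reason: 'expired', lifespan, remaining };
}

// One possible server policy (an assumption, not SDK behaviour): an expired
// token asks the client for a fresh one; anything else is rejected outright.
function classifyAuthError(err) {
  if (err && err.code === 'ERROR_DIDT_EXPIRED') {
    return { status: 401, action: 'refresh-token' };
  }
  return { status: 401, action: 'reject' };
}

// Constructed sample token for offline use; the proof is a placeholder string.
function makeSampleToken(iat, lifespan) {
  const claim = JSON.stringify({ iat, ext: iat + lifespan, iss: 'did:ethr:0xEXAMPLE' });
  return Buffer.from(JSON.stringify(['0xCONSTRUCTED_PROOF', claim])).toString('base64');
}

const sample = makeSampleToken(1000, 900); // issued at t=1000 s, 15-minute lifespan
console.log(inspectDidToken(sample, 1600)); // 10 minutes after issue
console.log(inspectDidToken(sample, 2200)); // 20 minutes after issue
```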