ember-simple-auth icon indicating copy to clipboard operation
ember-simple-auth copied to clipboard

Published 20 hours ago verified publisher icon mainmatter

Allow access tokens to be refreshed to gain new rights

Open BryanCrotaz opened this issue 4 years ago • 2 comments

Access tokens are bearer tokens, so they contain the information regarding what this user is allowed to do.

Scenario:

  1. Administrator increases the rights of the logged in user.
  2. User has to wait until the access token expires (which is invisible to them) to get the new rights

User should be able to refresh their rights, under the hood calling

this.session.refreshToken

Of course some authentication methods don't use bearer tokens, so this would be meaningless in those cases.

Better:

this.session.authenticator.refreshToken

All ember-simple-auth needs to do is to make the authenticator object a public property of the session service.

BryanCrotaz avatar Feb 07 '21 10:02 BryanCrotaz

I need to do this as well, is there any activity here? My use case is the exact same as @BryanCrotaz where a user has certain claim data updated and I need a way to get a fresh token.

erichaus avatar Mar 20 '22 23:03 erichaus

Was able to get it working but would still be nice if refreshToken() were available on the service:

      // refresh the access token.
      const auth = getOwner(this).lookup('authenticator:jwt');
      const { token } = this.session.session.content.authenticated;
      auth.refreshAccessToken(token, 0);

erichaus avatar Mar 21 '22 01:03 erichaus