website icon indicating copy to clipboard operation
website copied to clipboard
verified publisher icon FAForever

Passport refresh token if stale

Open fcaps opened this issue 2 years ago • 0 comments

The website session is longer than the token ttl from hydra, so you can be logged in while your token is outdated. To combat this we need some automatic check if the token is stale and refresh it if possible.

For axios it could look like:

instance.interceptors.request.use(config => {
    if (token.expired()) {
      token = token.refresh()
    }

    config.headers['Authorization'] = `Bearer ${token.token.access_token}`;
    return config;
  });

open questions:

  • what if we cannot refresh? maybe throw an exception that can trigger client redirect to login?
  • how to make this globally available? maybe some global axiosClient?
  • how to implement this in tiny steps

fcaps avatar Nov 20 '23 00:11 fcaps