indiepass-android icon indicating copy to clipboard operation
indiepass-android copied to clipboard
verified publisher icon IndiePass

Feature request: support expiring access tokens

Open FenTiger opened this issue 1 year ago • 0 comments

IndiePass appears to expect that the received access_token will be valid forever. If the server responds with a HTTP 401, this gets displayed to the user as an error.

If the access_token has expired, the server will respond with a 401 with a WWW-Authenticate: error="invalid_token" header: https://datatracker.ietf.org/doc/html/rfc6750#section-3.1

It would be useful if IndiePass could spot this error and either restart the login process from the beginning, or make use of a refresh_token if one was present in the initial access token response.

FenTiger avatar Jan 27 '25 14:01 FenTiger