websanova
How routes work with meta: auth
I'm not completely sure to understand how routes work with this library.
Assuming that we have 2 parent components acting as landing pages. We do the login, we get token and refresh_token, and finally, we get redirected to Parent1.vue.
A few minutes later the token expires and after that, we navigate to Parent2.vue.
How can we know that token is already expired? I used to verify it via interceptors when an API call is done, but if we have no API calls at all, how can we handle this?
If the page gets refreshed there no issue since refresh() is triggered, but what happens while no requests are made?
Do I need to request a kind of check every time a route is loading?
I assume that meta: { auth: true } just validates against localStorage which will exist despite the token is expired on the server.
So it's relying on the api to come back with a specific error code such as a 403 or something which it detects by default. Otherwise there is an auto refresh ping that will occur to continually fetch a new token, so in theory as long as the app is open it wouldn't expire.
If you want to do some force logout after inactivity, I think a simple intercept/timer or mousemove/timer could do it.
I'm just asking because of your experience, I'm far away to be an expert in regard to token manipulation.
What if there is a forced expiration of tokens on the server-side, in that case, you will have a stored token in your vue App but since you are not performing any action, the library is not noticed about it until refresh() is done.
Is it a good idea to perform an Axios check in beforeEach router guard and based on response redirect to login or move forward?
I'm worried about letting the user navigates to a route in between token is expired and refresh() is triggered. Maybe a way to extend the $auth.ready() to dispatch a request? Just thinking out loud
So this is already done via an interval check automatically and you can increase the timing for that.