Comments (3)
@prabhurajshell You should not have to check for expiry, nor do a manual refresh.
The library will refresh the token in the background as long as the refresh_token is valid. When (if ever) the refresh_token expires, it will trigger the onRefreshTokenExpire
-event which you can handle. Usually by doing a page refresh, triggering a new login.
from react-oauth2-pkce.
I'm gonna vote against a general 40x check at least. A 404 should not happen if the refresh token being expired, and the same applies to 403. I'll accept arguments that 401 might be ok, since technically you're no longer authenticated when this happens, but a 400 makes much more sense.
Still... we're working with a plethora of OAuth-providers, so maybe we can start with 400 and see if anyone creates issues that their providers uses 40x, and then add one by one?
from react-oauth2-pkce.
@soofstad Side question related to expiry of tokens : I don't see anything in the documentation regarding options to refresh tokens on expiry. How do we check if a token is expired/valid or renew it when required?
PS : Thank you for this simple and effective package. :)
from react-oauth2-pkce.
Related Issues (20)
- Compatibility with ie11 HOT 1
- 💡 [REQUEST] - Add ability to add headers to requests HOT 6
- 💡 [REQUEST] - Scope parameter is not supported on an authorization code access_token exchange request HOT 8
- Bug: Client authentication with confidential access isn't working HOT 6
- Bug: Redirects replace instead of creating a history entry HOT 2
- 💡 [REQUEST] - Parse (refresh) token expiration from token payload HOT 5
- 💡 [REQUEST] - Refresh access token without resetting the refresh token HOT 1
- Bug: "codeVerifier" and "state" are stored in sessionStorage despite "storage" parameter being "local" HOT 4
- Bug: Does not work correctly if routing type is hash HOT 2
- 💡 [Feature] - Ability to send custom headers in the authorization, token requests HOT 5
- 💡 [REQUEST] - Pass extra parameters to login()-function
- 💡 [FEATURE] - Option in login()-function to not redirect, but instead do it in an iframe or popup HOT 1
- 💡 [REQUEST] - Enhance Logout Functionality HOT 2
- 💡 [Feature] - `postLogout`-callback HOT 1
- 💡 [Feature] - Allow for passing arbitrary arguments to `logOut()`
- Bug: codeVerifier is not set in sessionStorage (sometimes) HOT 3
- Bug: Refresh token has a fixed expiration time HOT 1
- /authorized?code complains 404 Not Found HOT 1
- Bug: Token is cleared before Logout HOT 4
- Bug: refreshAccessToken is only called once
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-oauth2-pkce.