token settings in angular js - angularjs

I have a requirement in AngularJS.
My user token expiry is set to one hour.
Whenever I submit a form, if the token is expired,
is there any way to hold the form value till I receive a token from another API and the token is updated?

You can use the Auth Interceptor Module. If your API call receives a 401 status code, it will move your API call to a buffer, make the call to receive a new token, and when the new token is received your initial API call will be executed with the new token.

Related

React and Axios - using interceptor to refresh token upon first failure

I have a React application and I'm using Axios to make http calls. Calls are authorized with an authorization header.
In Axios I'm using the response interceptor and in case I get a 401 from one of the calls I make another call to get a new token using a refresh token obtained upon login and stored in the browser, and then retry the original call using the new token. It works well.
The issue starts with the way it's handled in my application. I have pages where there are multiple components that request data from the server, at the same time. The page returns a 401 causing my logic to ask for a refresh token - so basically all requests are also asking for a new token using that refresh token. The issue is that the first request asking the new token is served while the others are failing - this is because when asking a new token using the refresh token a new refresh token is granted. Meanwhile the other calls for a new token all use an "old" refresh token that cannot be validated on the server side because it had been replaced on the first call - making the request fail.
Also in the above logic - the login is called more than it should - it should be called only once when the first call detects that it should.
What I'm looking for is a way that if the first call fails due to the need to refresh the token, how do I make the other calls understand that a call for a new token is already made and hang until it's returned (or retry with the newly stored token once it's available)?
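
The buffering behaviour described in the first answer and the concurrency problem in this question come down to the same pattern: one shared refresh promise that every 401 handler awaits, so a rotating refresh token is spent exactly once. The sketch below is an added example, not code from either post or from any interceptor library; `createFakeServer`, `createClient` and the token values are constructed stand-ins.

```javascript
// Constructed stand-in for a backend that rotates the refresh token on every use.
function createFakeServer() {
  let access = "a0", refresh = "r0", n = 0, expired = true, refreshCalls = 0;
  return {
    stats: () => ({ refreshCalls }),
    async refreshToken(rt) {
      refreshCalls++;
      // A replayed (already rotated) refresh token is rejected, as in the question.
      if (rt !== refresh) throw new Error("invalid refresh token");
      n++; access = "a" + n; refresh = "r" + n; expired = false;
      return { access, refresh };
    },
    async api(path, token) {
      if (expired || token !== access) return { status: 401 };
      return { status: 200, body: path };
    },
  };
}

function createClient(server, store) {
  let inFlight = null; // non-null while a refresh is running; all callers share it
  function refreshOnce() {
    if (!inFlight) {
      inFlight = server.refreshToken(store.refresh)
        .then((t) => { store.access = t.access; store.refresh = t.refresh; })
        .finally(() => { inFlight = null; }); // on failure every waiter rejects: send user to login
    }
    return inFlight;
  }
  return async function request(path) {
    const used = store.access;
    const res = await server.api(path, used);
    if (res.status !== 401) return res;
    // Skip the refresh if another caller already replaced the token we used.
    if (store.access === used) await refreshOnce();
    return server.api(path, store.access); // retry once only, never loop on 401
  };
}

// Three components load at once with an expired access token.
async function demo() {
  const server = createFakeServer();
  const store = { access: "a0", refresh: "r0" };
  const request = createClient(server, store);
  const results = await Promise.all(["/users", "/orders", "/profile"].map((p) => request(p)));
  return { statuses: results.map((r) => r.status), refreshCalls: server.stats().refreshCalls };
}
```

The original request is held simply by the pending `await`, so form data passed to `request` survives the refresh without separate buffering.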

Automatic refresh token in react native app

I am using Google calendar API in my react native app and every time refresh token expires after a time. So how can I manage to update token in app?
Create a function that fetches data from your API provider. Then in that function wrap your request in a try-catch block. If the token is invalid then it goes to the catch block. In the catch block, you can check the status of your request. Your API provider has a particular status code for unauthorized requests. Check if it is equal to the status of your request, then update your token and recursively call your function again.

Reusing methods in Angular interceptors

Let's say I have a method called getUsers and an API Interceptor which handles my token refresh functionality.
Here is the scenario:
I send a GET request using getUsers to:
http://example.com/api/users
My token is expired so I get a 401 error
API Interceptor refreshes my token and calls the endpoint again:
response.config.headers.Authorization = "Bearer " + response.access_token;
$http(response.config);
It works fine, but how do I actually re-use my original method (getUsers) instead of just resending the $http request? I need to modify some data on callback.
What really worked in my case is actually intercepting requests, not responses. So basically I have a timestamp of my token creation in my local storage which I compare to current time every time I send an API request. If it's been longer than say 10 hours (insert your lifespan) I request a new token.

Handle access token in angularJS

I have a Web API and AngularJS to consume the Web API.
When a user logs in with credentials, the user gets an access_token and a refresh token with issued and expires fields.
The access_token expires every 1 minute and a new token is allocated to the user.
Now the problem is
the time between token expiry and allocation of a new token to the user.
If the user does a page refresh, it makes an API call to load the data of that page, but the access token has just expired and the user has not got a new token, so the old token is set in the header of the API call; hence the user gets 401 Unauthorized as the response and the application logs the user out.
I am using tokens for the first time, so I do not have much information about access_token and refresh_token.
So, I do not know how to handle this situation.
Advice is appreciated.
Whenever you make an API call to load data on the page, in the callback you should check the status code. If the status code is 401, get the refresh token and then make another call to the same API and then only initialize the app. Otherwise initialize the app with the old response value.
Thanks #Kushal and #sahil for providing the idea.
When the user's token is expired, the app redirects them to the login page, so on the login page I added an API call to fetch a token using the user's refresh_token; if the user has a correct refresh token, they are assigned a new token and redirected to the page they refreshed, by tracking / maintaining a log of the page the user is currently on. It is working.
Thanks again.

How can I expire my JWT token when the user is idle for some time (token-based authorization) in NodeJS/Express and Angular

I am generating the JWT token for a user when he logs in with correct credentials on the server side. Previously, I was storing the token in the database and for every request I was getting the token from the database, which is bad practice (if I am not wrong). On the client side (in my controller), I can store that token in $rootScope so that I can send that token with each and every request. I am unable to find where I should store my JWT token to access it on the server side for every request.
Someone suggested that I use Redis to store the JWT token.
If I use Redis, can I set maxAge for my token so that the token is deleted when the user is idle for a certain time?
Can anyone please give me suggestions on my procedure? If it is wrong, suggest the right approach!
Note: I am new to NodeJS/Express and AngularJS.
JWTs have an exp claim. Set it to the time to which you want the tokens to be valid and have a check in the route if the token has expired.
If it has, send a 401. Else let the route handle the request.
The simplest way:
Add a 'validDate' field to the token payload when you issue a new token for the logged-in user, then check this field when processing the request. If the date is expired, just return a 401 error.
