Comments (2)
Thanks for the detailed description @fa-sharp. This is a good point. There is no easy way for the frontend (on its own) to know if the 401 is because of an expired access token vs some other reason.
The only reliable solution is for the backend to send a message along with the 401 indicating to the frontend that the 401 is because of an expired access token.
Right now, from our SDKs, the backend sends a message like "try refresh token" which the frontend could check for, however, we do have several users who have made their own backend SDK and there is no guarantee that they will return the same message to the frontend.
Due to this, if we have to enforce such a message (which I think is a good idea), then this would be a breaking change. As a result, we will want to release this coupled with other breaking changes. So it's not going to happen very soon.
As a workaround, you can:
- Send a different status code for your custom need (as described by you)
- You can set a different status code for session expiry using the `sessionExpiredStatusCode` config (will need to be set on the backend and frontend)
- You could fork the supertokens-website repo and make the change to also check the response body in these places:
  - If using axios:
    - https://github.com/supertokens/supertokens-website/blob/master/lib/ts/axios.ts#L157
    - https://github.com/supertokens/supertokens-website/blob/master/lib/ts/axios.ts#L203
    - https://github.com/supertokens/supertokens-website/blob/master/lib/ts/axios.ts#L344
    - https://github.com/supertokens/supertokens-website/blob/master/lib/ts/axios.ts#L374
  - If using fetch:
Keeping this issue open until it's resolved.
from supertokens-website.
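The decision discussed in the comment above, sketched as an added example that is not part of the thread and is not supertokens-website code. It compares the three options: treating every 401 as expiry, requiring the "try refresh token" message in the body, and using a dedicated `sessionExpiredStatusCode`. The body shape `{ message: ... }`, the value 440, the `requireHint` option and the injected `doFetch`/`doRefresh` helpers are assumptions made for illustration.

```javascript
// Added example, not supertokens-website code. The body shape
// { message: "try refresh token" } and the status value 440 are assumptions.
const REFRESH_HINT = "try refresh token"; // message the thread says the SDK backend sends

// Decide whether a failed response means "access token expired, refresh it".
// cfg.sessionExpiredStatusCode: status reserved for session expiry (default 401).
// cfg.requireHint (hypothetical option): when expiry shares 401 with other
// errors, refresh only if the body carries the backend's hint.
function shouldRefresh(status, body, cfg = {}) {
  const expiredStatus = cfg.sessionExpiredStatusCode ?? 401;
  if (status !== expiredStatus) return false;
  if (expiredStatus !== 401) return true; // dedicated code: unambiguous
  if (!cfg.requireHint) return true;      // every 401 is treated as expiry
  return typeof body === "object" && body !== null && body.message === REFRESH_HINT;
}

// doFetch(url) -> Promise<{ status, body }> and doRefresh() -> Promise<boolean>
// are hypothetical injected helpers, so the flow can run without a network.
async function fetchWithRefresh(doFetch, doRefresh, url, cfg) {
  const first = await doFetch(url);
  if (!shouldRefresh(first.status, first.body, cfg)) return first;
  if (!(await doRefresh())) return first; // refresh failed: surface the original error
  return doFetch(url);                    // retry once only, so a bad session cannot loop
}

// Constructed sample responses.
const expired = { status: 401, body: { message: REFRESH_HINT } };
const otherUnauthorized = { status: 401, body: { message: "wrong API key" } };
```

With no options set, `shouldRefresh` returns true for both sample responses, which is the ambiguity the issue describes; either `requireHint` or a dedicated status code separates them.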
Sounds good 👍, thank you! I didn't realize you can set a custom status code for session expiry, that's an interesting solution.