timothyhollabaugh
commented
5 years ago Probably best to ask the user to sign in again after a permission denied from the server
Open timothyhollabaugh opened 5 years ago
timothyhollabaugh
commented
5 years ago Probably best to ask the user to sign in again after a permission denied from the server
If the user logs in an leaves the page open long enough without doing anything, the Google id token will silently expire. This will cause all requests to the backend to fail. The frontend should detect the token expiring and log the user out, show a session timeout notice, and allow the user to log back in.