DavidAJohn / FotoStorioMicroservices

.NET application built using a microservice architecture with Docker containers. Includes a Blazor WebAssembly e-commerce store with Stripe Elements payment integration.

Blazor Wasm - LoginDisplay and expired tokens #33

Closed DavidAJohn closed 2 months ago

DavidAJohn commented 2 months ago

One thing that has always bugged me about the authentication state provider that everyone uses in Blazor (which is based on Steve Sanderson's 2019 Mission Control demo) is that it doesn't account for expired tokens, so if a user has any Store-created token in local storage, the value of Identity.IsAuthenticated remains true.

I don't want to force unauthenticated users to a login screen in the Store - although we should for Admin - but I would like the LoginDisplay form to check if the token is still valid and either ignore it or delete it if it isn't.

I was reminded of this when working on the Marketing client and seeing how you can deal with this comparatively easily in Angular.

DavidAJohn commented 2 months ago

Someone mentioned this exact problem in the comments under a Chris Sainty article here.

Their solution was: "I handled it by checking the expiration date when getting the cookie from local storage in GetAuthenticationStateAsync. If the cookie was expired, I just acted like I didn't have one in local storage."

That method is in the provider class itself. This is pretty much what I had in mind.

Or, as Chris suggested to another user who raised the issue:

"You will need to handle that in your code. I would suggest when you make an API call and you get a 401 response, you log the user out of the Blazor app."
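The expiry check described in this thread, as an added example that is not code from this repository or from the quoted article: a provider that reads the JWT `exp` claim in `GetAuthenticationStateAsync` and treats an expired or malformed token as absent. `ITokenStore` and `ExpiryAwareAuthStateProvider` are hypothetical names, and the token is assumed to be a standard three-part JWT.

```csharp
using System;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.Authorization;

// Hypothetical wrapper over browser local storage (an assumption, not a project type).
public interface ITokenStore
{
    ValueTask<string> GetAsync();   // returns null when no token is stored
    ValueTask RemoveAsync();
}

public class ExpiryAwareAuthStateProvider : AuthenticationStateProvider
{
    private static readonly AuthenticationState Anonymous = new(new ClaimsPrincipal(new ClaimsIdentity()));
    private readonly ITokenStore _store;
    public ExpiryAwareAuthStateProvider(ITokenStore store) => _store = store;

    public override async Task<AuthenticationState> GetAuthenticationStateAsync()
    {
        var token = await _store.GetAsync();
        if (string.IsNullOrWhiteSpace(token)) return Anonymous;
        if (!TryReadExpiry(token, out var expires) || expires <= DateTimeOffset.UtcNow)
        {
            await _store.RemoveAsync();   // expired or malformed: delete it, stay anonymous
            return Anonymous;
        }
        // A non-empty authentication type makes Identity.IsAuthenticated true.
        return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity("jwt")));
    }

    // Reads the JWT "exp" claim (seconds since the Unix epoch). No signature check:
    // this only drives the UI, the API must still validate the token on every call.
    public static bool TryReadExpiry(string jwt, out DateTimeOffset expires)
    {
        expires = default;
        var parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        try
        {
            var b64 = parts[1].Replace('-', '+').Replace('_', '/');   // base64url -> base64
            b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
            using var doc = JsonDocument.Parse(Convert.FromBase64String(b64));
            expires = DateTimeOffset.FromUnixTimeSeconds(doc.RootElement.GetProperty("exp").GetInt64());
            return true;
        }
        catch (Exception) { return false; }   // bad base64, bad JSON, or missing/invalid exp
    }
}
```

The client clock can be wrong and a token can be revoked before it expires, so the 401 handling quoted above is still needed alongside this check.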