How should we handle session expiration? I can think of a few options which aren't mutually exclusive.
1. Allow users to register a callable that is called whenever a 401 is detected.
Handy if you always want to perform the same action when the user is not authenticated. One disadvantage here is the inability to replay the request that failed due to an expired session.
2. Track and anticipate expiration ourself
Registering a callback as explained in (1) above would be required. Anticipating the expiration would avoid failed calls that need to be replayed.
3. Do nothing as we currently do, but add methods for getting and setting the access token.
Give developers the tools they need to respond in any way they like.
How should we handle session expiration? I can think of a few options which aren't mutually exclusive.
1. Allow users to register a callable that is called whenever a 401 is detected.
Handy if you always want to perform the same action when the user is not authenticated. One disadvantage here is the inability to replay the request that failed due to an expired session.
2. Track and anticipate expiration ourself
Registering a callback as explained in (1) above would be required. Anticipating the expiration would avoid failed calls that need to be replayed.
3. Do nothing as we currently do, but add methods for getting and setting the access token.
Give developers the tools they need to respond in any way they like.