If a user opens Laxy, authenticates and then leaves the tab open for a long time, the auth tokens can expire but the app still appears logged in (but attempting various operations, eg remote file browsing, will result in a 401 error dialog).
Expected behaviour
If the users authentication has expired, the UI should clearing indicate this and prompt them to login.
This would probably be implemented as an automatic redirect to the login page when a 401 status code is received for most API calls.
An alternative would be to use the /api/v1/ping endpoint, and include expired authentication status in the response - if ping response shows they have expired auth tokens, redirect to the login page. The disadvantage of this is that users with expired auth would be redirected top /login even on public pages, or ?access_token= URLs.
Observed behaviour
If a user opens Laxy, authenticates and then leaves the tab open for a long time, the auth tokens can expire but the app still appears logged in (but attempting various operations, eg remote file browsing, will result in a 401 error dialog).
Expected behaviour
If the users authentication has expired, the UI should clearing indicate this and prompt them to login. This would probably be implemented as an automatic redirect to the login page when a 401 status code is received for most API calls.
An alternative would be to use the
/api/v1/pingendpoint, and include expired authentication status in the response - if ping response shows they have expired auth tokens, redirect to the login page. The disadvantage of this is that users with expired auth would be redirected top/logineven on public pages, or?access_token=URLs.