search

akveo / nebular

:boom: Customizable Angular UI Library based on Eva Design System :new_moon_with_face::sparkles:Dark Mode
https://akveo.github.io/nebular
MIT License
8.06k stars 1.51k forks source link

No Refresh Token expiry technique #1237

Open ghost opened 5 years ago

ghost commented 5 years ago

Issue type

I'm submitting a ... (check one with "x")

Issue description

Current behavior:

When using both access and refresh tokens, there is a tactic to refresh the access token, but not to handle when a Refresh tokens expires. My server could send a request with something like {status: 401, message: "Token expired"}

Expected behavior:

N/A

Steps to reproduce:

N/A

Related code:

Other information:

npm, node, OS, Browser

OS: Windows 10
npm: 6.4.1

Angular, Nebular

Angular: 7.2.2
Nebular: 3.1.0
Tibing commented 5 years ago

Hi @jpandaconnor, Nebular auth module handles refresh token expiration as expected. We can't do something when refresh token expired. So, if you're using some AuthGuard which calls NbAuthService, then in case of refresh token expiration NbAuthService will just say that your token invalid and can't be refreshed. In this situation, you'll be able to redirect the user to the login page. Here is the common implementation of the AuthGuard using NbAuthService:

@Injectable({ providedIn: 'root' })
export class AuthGuard implements CanActivateChild {

  constructor(private authService: NbAuthService, private router: Router) {
  }

  canActivateChild(): Observable<boolean> {
    return this.authService.isAuthenticatedOrRefresh()
      .pipe(
        tap(authenticated => {
          if (!authenticated) {
            this.router.navigate(['auth/login']);
          }
        }),
      );
  }
}
ghost commented 5 years ago

Hi,

Thank you for your solution. This has solved my query. Just thought it would be best to double check before implementing any solution.

Thank you for your help! :)