amazon-archives / aws-cognito-angular-quickstart

An Angular(v5)-based QuickStart single-page app utilizing Amazon Cognito, S3, and DynamoDB (Serverless architecture)
https://cognito.budilov.com
Apache License 2.0

Dashboard Component Scenario Issue #131

Open williamchristophercooley opened 6 years ago

williamchristophercooley commented 6 years ago

How would you be able to maintain a valid token if a user were to have a dashboard with 20 components loading on the page? Considering each component now does a check to see if the user session is valid, let's say your session is about to time out, and the first component initiates the refresh based on component load, and due to race conditions, the other components are late using the expired refresh tokens. How is this setup going to handle synchronizing the token so that components load properly? Based on the code, from what I understand, you will end up with 19 of the 20 dashboard widget components getting denied access to their paired micro-services due to an expired token being sent in the header.

I am assuming a solution to this would be: if I request a token and it fails, check again to make sure the token hasn't changed, and resend the request on a second attempt?

Would a possible solution be to have everything listening on an emitted refresh token event, and if the token is refreshing, then don't execute the request until the token status is fulfilled? Then where the token behavior is at, execute a redirect to login if the token refresh fails?
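
The last idea in the comment above (hold requests while a refresh is pending, redirect to login if it fails) sketched as an added example; it is not code from this repository. `SessionGate`, `refresh`, `onFailure` and `loadDashboard` are hypothetical names, with `refresh` standing in for the app's Cognito session refresh and `onFailure` for its login redirect.

```typescript
// Added illustration; every name here is hypothetical, not from aws-cognito-angular-quickstart.
type Session = { accessToken: string; expiresAt: number }; // expiresAt: epoch milliseconds

class SessionGate {
  private session: Session | null = null;
  private inFlight: Promise<Session> | null = null;
  private refresh: () => Promise<Session>; // assumed to wrap the real refresh call
  private onFailure: () => void;           // assumed to redirect to login
  private skewMs: number;                  // refresh slightly before actual expiry

  constructor(refresh: () => Promise<Session>, onFailure: () => void, skewMs: number = 30000) {
    this.refresh = refresh;
    this.onFailure = onFailure;
    this.skewMs = skewMs;
  }

  // Deliberately not `async`: the refresh starts synchronously, so every
  // component asking during the refresh receives the same pending promise.
  getSession(): Promise<Session> {
    if (this.session && this.session.expiresAt - this.skewMs > Date.now()) {
      return Promise.resolve(this.session);
    }
    if (!this.inFlight) {
      this.inFlight = this.refresh().then(
        (s) => { this.session = s; this.inFlight = null; return s; },
        (err) => { this.session = null; this.inFlight = null; this.onFailure(); throw err; },
      );
    }
    return this.inFlight;
  }
}

// Constructed scenario: N widgets ask for a session while none is cached.
function loadDashboard(widgetCount: number): { refreshCalls: number; distinctPromises: number } {
  let refreshCalls = 0;
  const fakeRefresh = (): Promise<Session> => {
    refreshCalls++;
    return Promise.resolve({
      accessToken: "constructed-token-" + refreshCalls, // constructed sample value
      expiresAt: Date.now() + 3600000,
    });
  };
  const gate = new SessionGate(fakeRefresh, () => {});
  const pending = new Set<Promise<Session>>();
  for (let i = 0; i < widgetCount; i++) pending.add(gate.getSession());
  return { refreshCalls, distinctPromises: pending.size };
}
```

With 20 widgets, `fakeRefresh` runs once and all 20 callers wait on the same promise, so none of them sends the stale token.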