boolean-uk / team-dev-server


As a user, so that I know I need to re-login, I'd like the app to take me back to the login page once my token has expired. #44 #243

Open CoderManSam opened 1 year ago

CoderManSam commented 1 year ago

- In generateJWT, add a variable to the payload with the date and time that the token is generated.

- In validateAuthentication, add a check that the date/time variable + the token expires_in has/hasn't surpassed the current date/time; if it has, return an error 401 saying "token has expired".

vherus commented 1 year ago

The JWT should have an iat property which holds a unix timestamp; this is the "issued at" date/time:

{
  "id": 5,
  "username": "sam",
  "iat": 1516239022
}

I'd decode the existing token to check if that exists first; if it doesn't, then that's the property you should add to the payload to track when the token was created.

The "token has expired" message is great for the server-side response. I recommend the frontend devs display a more user-friendly message like "Your session has expired. Please login again."

Approved!
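
Added example, not part of the thread or the project's code: a sketch of the expiry check discussed above, using Node's built-in crypto for HS256 rather than whatever JWT library the project uses. `SECRET`, `EXPIRES_IN`, the return shape and the `nowSeconds` parameter are assumptions made so the check can be exercised with a fixed clock. The signature is verified before `iat` is read, because a merely decoded payload is client-controlled.

```javascript
// Added example: function names mirror the issue (generateJWT, validateAuthentication).
// SECRET and EXPIRES_IN are constructed values, not the project's configuration.
const crypto = require('node:crypto')

const SECRET = 'constructed-demo-secret'
const EXPIRES_IN = 3600 // token lifetime in seconds (assumed)

const b64url = (input) => Buffer.from(input).toString('base64url')
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url')

// Issue an HS256 token whose payload carries iat as a unix timestamp in seconds.
function generateJWT(payload, nowSeconds) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = b64url(JSON.stringify({ ...payload, iat: nowSeconds }))
  return `${header}.${body}.${sign(`${header}.${body}`)}`
}

// Returns { status, error } or { status, user }. Signature first, expiry second.
function validateAuthentication(authHeader, nowSeconds) {
  const [type, token] = (authHeader || '').split(' ')
  const parts = (token || '').split('.')
  if (type !== 'Bearer' || parts.length !== 3) {
    return { status: 401, error: 'invalid token' }
  }
  const [header, body, signature] = parts
  const expected = Buffer.from(sign(`${header}.${body}`))
  const given = Buffer.from(signature)
  // Until the HMAC matches, iat is just a number the client chose.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 401, error: 'invalid token' }
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString())
  if (!Number.isInteger(claims.iat)) {
    return { status: 401, error: 'invalid token' }
  }
  // The check from the issue: issued-at plus lifetime compared with the current time.
  if (claims.iat + EXPIRES_IN <= nowSeconds) {
    return { status: 401, error: 'token has expired' }
  }
  return { status: 200, user: claims }
}
```

In an Express middleware, `nowSeconds` would be `Math.floor(Date.now() / 1000)` and the returned status and error would be sent as the response.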