grassrootsgrocery / admin-portal

GNU Affero General Public License v3.0

Redirect user to login if the JWT has expired #72

Closed jasoncavanaugh closed 1 year ago

jasoncavanaugh commented 1 year ago

Currently, if the JWT has expired, the app fails to load, and the user has to manually delete the token. Instead, the user should be redirected to the login page, preferably with a toast notification stating that their session has expired.

mattsahn commented 1 year ago

Thanks, @jasoncavanaugh. How does one manually delete the token?

Is this the place where the handling would need to be added? https://github.com/grassrootsgrocery/admin-portal/blob/256b8cded97fb6b5f3931433a695fa531e8861e7/server/middleware/authMiddleware.ts#L17

jasoncavanaugh commented 1 year ago

Hi @mattsahn, to manually delete the token, you would navigate to the portal -> right-click in the browser -> inspect -> click the "Application" tab -> click the "Local Storage" dropdown -> select "token" -> right-click on "token" in the right panel and select "Delete".

If we were to redirect to login when the token expires, I was thinking that it would probably involve frontend changes. We would catch the error on the client and check to see what kind of error is returned, and then redirect if the error was that the token had expired. I don't think we are currently throwing a specific enough error from the backend if the token expires, so this would require some small backend changes as well. Theoretically, it wouldn't be too difficult, but I also haven't thought it out entirely.

Another possibility would be to simply set the token to never expire. That might be an easier way around this issue.
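
An added example, not part of the thread or the project's code, of the approach discussed above: the backend reports an expired token with its own error code, and the client clears the stored token and redirects to login. The error codes, the `/login` path, the toast text and all function names are assumptions; the `token` Local Storage key is the one named in the thread.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical error codes; the portal's backend does not define these.
type AuthResult =
  | { ok: true; claims: Record<string, unknown> }
  | { ok: false; status: 401; code: "TOKEN_EXPIRED" | "TOKEN_INVALID" };

const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");

// Signs an HS256 token; used here only to build constructed sample tokens.
function signToken(claims: Record<string, unknown>, secret: string): string {
  const body = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${createHmac("sha256", secret).update(body).digest("base64url")}`;
}

// Server side: check the signature first, then expiry, and report the two separately.
// The header's "alg" is never trusted: the HMAC-SHA256 check is always applied.
function checkToken(token: string, secret: string, nowSec: number): AuthResult {
  const invalid: AuthResult = { ok: false, status: 401, code: "TOKEN_INVALID" };
  const parts = token.split(".");
  if (parts.length !== 3) return invalid;
  const expected = createHmac("sha256", secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return invalid;
  let claims: any;
  try { claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8")); } catch { return invalid; }
  if (typeof claims?.exp !== "number") return invalid; // a token without exp is rejected
  if (nowSec >= claims.exp) return { ok: false, status: 401, code: "TOKEN_EXPIRED" };
  return { ok: true, claims };
}

// Client side: decide what to do with a failed API response.
// `storage` stands in for window.localStorage so the logic runs outside a browser.
function handleAuthFailure(
  status: number,
  body: { code?: string },
  storage: { removeItem(key: string): void },
): { redirectTo: string; toast: string } | null {
  if (status !== 401) return null;
  storage.removeItem("token"); // drop the stale token so the app can load again
  return body.code === "TOKEN_EXPIRED"
    ? { redirectTo: "/login", toast: "Your session has expired. Please log in again." }
    : { redirectTo: "/login", toast: "Please log in." };
}
```

Because the expiry check runs only after the signature check passes, a forged token is always reported as `TOKEN_INVALID` and never reveals whether its `exp` would have been accepted.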