Right now when a token expires, a page refresh is pretty much needed. We don't give any way of hooking into the event to detect a failure to authenticate, so the experience is really bad.
We should make Horizon.hasAuthToken() check whether the jwt is expired. Without including the server public key in our JWTs (which we don't) a user could spoof the expiration date in the jwt, but in the worst case it should just cause us to get an error from the server (which does validate the signature).
deontologician
commented
8 years ago
Right now when a token expires, a page refresh is pretty much needed. We don't give any way of hooking into the event to detect a failure to authenticate, so the experience is really bad.
We should make
Horizon.hasAuthToken()check whether the jwt is expired. Without including the server public key in our JWTs (which we don't) a user could spoof the expiration date in the jwt, but in the worst case it should just cause us to get an error from the server (which does validate the signature).