Bloc: Dealing with expiring authentication tokens

Created on 12 May 2019  ·  7 Comments  ·  Source: felangel/bloc

I've followed through the examples for login and Firebase login and they're great. I have it working just fine. One thing that has me a little confused is what to do when a JWT bearer token expires, a 401 is returned and I need to have them re-authenticate to get a new token.

What makes this a little harder is that this could happen on any call to the server. The desired behavior is to prompt them for credentials, update the current token and then resume the operation that failed.

They could be anywhere in the app.

Does anyone have some guidance or experience on how best to handle this?

TIA

question

All 7 comments

It's almost as if this has to be a modal dialogue, right? Sitting on top of whatever screen/operation was going on at the time?

Could I pass the context along to the authentication module on the call and handle the login operation within the authentication method?

Hey @nhwilly 👋
Thanks for opening an issue!

Regarding your question, you can create an interceptor and if you get a 401 you can call a callback function.

final customHttpClient = MyCustomHttpClient(onTokenExpired: () {
  // re-authenticate
});

This can be handled at the root of your application and you can display a modal like you suggested.

Hope that helps and great question 👍

Thanks for the quick answer!

And just to show what a newbie I am, would you use Dio or another package to create the interceptor?

And if I'm creating the callback at the top of the app, how does the current context find its way to be used in the navigation called by the authentication service?

@nhwilly no problem! You can either create your own interceptor for the http package or you can definitely use Dio.

You can just dispatch an event at the top of the app to the AuthenticationBloc, then in your Widget you can use BlocBuilder to return a different widget in response to the state change or you can use BlocListener to navigate/display a dialog etc...

Hope that helps! 👍

Felix,

Thanks, that’s what I’m doing now.

But if I’m listening to this at the top level, how do I maintain my navigational position if I have to prompt them to login?

I guess I would compare this to a redirect in a browser, right? In that situation, the original endpoint is saved and after reauthentication is complete, it is recalled.

So, to really do this right, I’d have to create a function that could be called again after successful authentication, and my navigation would have to be a modal dialogue that would complete the re-authentication and then re-execute the function. It would need the context so it could push/pop.

Would that leave the user where they were and complete the task at hand?

You can show the prompt as a modal and overlay it on top of the existing UI. That way you can just pop when finished and the user can resume what he/she was doing.
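
The interceptor-with-callback approach suggested above, combined with retrying the failed call after re-authentication, as an added example (not code from this thread or from the bloc project). `ApiResponse`, `Send`, `Reauthenticate`, `ReauthClient` and the fake transport are hypothetical names; a real app would wrap the http package or Dio behind `Send` and show the login modal inside `onTokenExpired`.

```dart
/// Minimal response shape (stand-in for the http or Dio response type).
class ApiResponse {
  ApiResponse(this.statusCode, this.body);
  final int statusCode;
  final String body;
}

/// Hypothetical transport: sends one request with the given bearer token.
typedef Send = Future<ApiResponse> Function(String path, String token);

/// Prompts for credentials; returns a new token, or null if the user cancels.
typedef Reauthenticate = Future<String?> Function();

class ReauthClient {
  ReauthClient(this._send, this._token, {required this.onTokenExpired});
  final Send _send;
  final Reauthenticate onTokenExpired;
  String _token;
  Future<String?>? _pending; // one prompt shared by concurrent 401s

  Future<ApiResponse> get(String path) async {
    final used = _token;
    final first = await _send(path, used);
    if (first.statusCode != 401) return first;
    // If another request already replaced the token, skip the prompt.
    if (_token == used) {
      _pending ??= onTokenExpired().whenComplete(() => _pending = null);
      final fresh = await _pending;
      if (fresh == null) return first; // cancelled: surface the 401
      _token = fresh;
    }
    // Retry once only, so a rejected new token cannot loop forever.
    return _send(path, _token);
  }
}

Future<void> main() async {
  var prompts = 0;
  // Constructed stand-in for the server: only 'new-token' is accepted.
  Future<ApiResponse> fakeSend(String path, String token) async =>
      token == 'new-token' ? ApiResponse(200, path) : ApiResponse(401, '');
  final client = ReauthClient(fakeSend, 'expired', onTokenExpired: () async {
    prompts++; // in the app: notify AuthenticationBloc and show the modal
    return 'new-token';
  });
  final results = await Future.wait([client.get('/a'), client.get('/b')]);
  print('${results.map((r) => r.statusCode).toList()} prompts=$prompts');
}
```

Because both requests in `main` fail with the same expired token, they share a single re-authentication prompt, and each is retried exactly once with the new token.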

Ok, thanks. I’m working on it.

It’s the overall architecture that’s throwing me, but I’ve almost got it.
