Nebular: No Refresh Token expiry technique

Created on 14 Feb 2019  路  2Comments  路  Source: akveo/nebular

Issue type

I'm submitting a ... (check one with "x")

  • [ ] bug report
  • [ x ] feature request

Issue description

Current behavior:

When using both access and refresh tokens, there is a tactic to refresh the access token, but not to handle when a Refresh tokens expires. My server could send a request with something like {status: 401, message: "Token expired"}

Expected behavior:

N/A

Steps to reproduce:

N/A

Related code:

Other information:

npm, node, OS, Browser

OS: Windows 10
npm: 6.4.1

Angular, Nebular

Angular: 7.2.2
Nebular: 3.1.0
auth needs docs question
Source
picture ghost

Most helpful comment

Hi @jpandaconnor, Nebular auth module handles refresh token expiration as expected. We can't do something when refresh token expired. So, if you're using some AuthGuard which calls NbAuthService, then in case of refresh token expiration NbAuthService will just say that your token invalid and can't be refreshed. In this situation, you'll be able to redirect the user to the login page.
Here is the common implementation of the AuthGuard using NbAuthService:

@Injectable({ providedIn: 'root' })
export class AuthGuard implements CanActivateChild {

  constructor(private authService: NbAuthService, private router: Router) {
  }

  canActivateChild(): Observable<boolean> {
    return this.authService.isAuthenticatedOrRefresh()
      .pipe(
        tap(authenticated => {
          if (!authenticated) {
            this.router.navigate(['auth/login']);
          }
        }),
      );
  }
}
picture Tibing on 18 Feb 2019
👍21

All 2 comments

Hi @jpandaconnor, Nebular auth module handles refresh token expiration as expected. We can't do something when refresh token expired. So, if you're using some AuthGuard which calls NbAuthService, then in case of refresh token expiration NbAuthService will just say that your token invalid and can't be refreshed. In this situation, you'll be able to redirect the user to the login page.
Here is the common implementation of the AuthGuard using NbAuthService:

@Injectable({ providedIn: 'root' })
export class AuthGuard implements CanActivateChild {

  constructor(private authService: NbAuthService, private router: Router) {
  }

  canActivateChild(): Observable<boolean> {
    return this.authService.isAuthenticatedOrRefresh()
      .pipe(
        tap(authenticated => {
          if (!authenticated) {
            this.router.navigate(['auth/login']);
          }
        }),
      );
  }
}
Tibing picture Tibing on 18 Feb 2019
👍21

Hi,

Thank you for your solution. This has solved my query. Just thought it would be best to double check before implementing any solution.

Thank you for your help! :)

ghost picture ghost on 25 Feb 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nnixaa picture nnixaa  路  4Comments
obarazan picture obarazan  路  3Comments
muysewinkel picture muysewinkel  路  4Comments
suku-h picture suku-h  路  3Comments
batousik picture batousik  路  4Comments