V8-archive: Auth token is not refreshed

Created on 22 Aug 2019 · 9 Comments · Source: directus/v8-archive

The app gets disconnected every 5 minutes and I have to log back in again. The token refresh endpoint is never hit.
Here's what I have in sessionStorage:

{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MSwiZXhwIjoxNTY2NTA4NDk3LCJ0eXBlIjoiYXV0aCIsImtleSI6Ijx0eXBlLWEtcHVibGljLWF1dGhlbnRpY2F0aW9uLWtleS1zdHJpbmc-IiwicHJvamVjdCI6Il8ifQ.2SKSsDZ8WszHVZ92bcBzsig0WTaeu8weVsFXkepdZa4","url":"http://api.admin.dbrs.biz:5000","project":"_","localExp":1566509408586}

All 9 comments

What version of the app? How did you log in (SSO?)? Do you have any extensions that might interfere? What browser?

We could really use some more info 'cause there's no way to reproduce this issue based on the description you've provided.

I installed the latest version of the app (7.9.0), signed in via username/password through the App's sign-in box. I tested it on 3 different browsers with no plugins:

  • Chrome (75.0.3770.142)
  • Firefox (68.0.2)
  • Safari (12.1.2)

All browsers behave exactly the same, no token refresh requests. The only periodic request I get is the server ping.
I'm hosting the app on S3, not sure if that could be a potential cause of this issue.

I can reproduce the issue and the cause is the null payload. The api.loggedIn check returns false if the payload in the SDK is null. The payload is generated with the help of the token. The initial token when logged in looks like this:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MSwiZXhwIjoxNTY3MDczODQ0LCJ0eXBlIjoiYXV0aCIsImtleSI6Ijx0eXBlLWEtcHVibGljLWF1dGhlbnRpY2F0aW9uLWtleS1zdHJpbmc-IiwicHJvamVjdCI6Il8ifQ.rPjDJjTNVoqACyEn2FFu0_TM1hZpBBUkoxZglE4LsSk

While the refresh token endpoint returns this token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.Im51bGwi.KIGRv7EhA9410Tk-B6PaAi_t2_1pgBE5DacNRrEA-zQ

As you can see, the formats are different and hence the getPayload method fails to generate the payload.

@bjgajjar Any idea why the token formats are different?

Yes, the 2FA PR is the reason behind the different format in the refresh token.

Let's move this to API

I hoped this issue was fixed in 2.6.0, but unfortunately the problem still occurs. I'm using e-mail/password for login.

For example, after logging in the token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MSwiZXhwIjoxNTY5MzQ1OTUwLCJ0eXBlIjoiYXV0aCIsImtleSI6ImFmMTI2NzM0LTFmZWMtNGI1OC05ZDNkLWUxNDZmZjgwZWRmMiIsInByb2plY3QiOiJfIn0.wDX9_kOpRGXnDr97YW5JxEU92QjSUtacXGZf9L0WLiY was received.

Decrypting it results in the following payload:
{ "id": 1, "exp": 1569351022, "type": "auth", "key": "af126734-1fec-4b58-9d3d-e146ff80edf2", "project": "_", "jti": "50702ce6-c11c-46c9-9e64-2612c307fd61", "iat": 1569347422 }

After a while when the App refreshes I receive the token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.Im51bGwi.pdKuwHJ7M2IqJfksDypw-C2NtCS8juuY8Lqgts59DF4

Decrypting this results in the payload:
{ "0": "n", "1": "u", "2": "l", "3": "l" }

This means that after the first refresh I have to log in again. The App refreshes after 20 minutes, but the SDK-js, by default, refreshes after 5 minutes. It's annoying. Hope this can be fixed.
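
The payload mismatch reported in the comments above, as an added example that is not part of the thread and not Directus SDK code: it decodes the payload segment of the login token and of the refreshed token quoted earlier, and rejects any payload that is not an object with a numeric exp. The helper names (decodeSegment, checkPayload, asObjectView) are hypothetical, and the code only decodes base64url JSON; it does not verify the signature.

```javascript
// Added example (Node.js). Helper names are hypothetical, not the SDK's API.
// Decoding only: the middle JWT segment is base64url-encoded JSON; no signature check.

// Tokens quoted in the thread: the login token and the token returned by refresh.
const LOGIN_TOKEN =
  "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MSwiZXhwIjoxNTY3MDczODQ0LCJ0eXBlIjoiYXV0aCIsImtleSI6Ijx0eXBlLWEtcHVibGljLWF1dGhlbnRpY2F0aW9uLWtleS1zdHJpbmc-IiwicHJvamVjdCI6Il8ifQ.rPjDJjTNVoqACyEn2FFu0_TM1hZpBBUkoxZglE4LsSk";
const REFRESH_TOKEN =
  "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.Im51bGwi.KIGRv7EhA9410Tk-B6PaAi_t2_1pgBE5DacNRrEA-zQ";

// Decode the payload segment and parse it as JSON; throws on malformed input.
function decodeSegment(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Fail closed: accept the payload only if it is a plain object with a numeric exp.
function checkPayload(token) {
  let payload;
  try {
    payload = decodeSegment(token);
  } catch (err) {
    return { ok: false, reason: "undecodable: " + err.message };
  }
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    return { ok: false, reason: "payload is " + JSON.stringify(payload) + ", not an object" };
  }
  if (!Number.isInteger(payload.exp)) {
    return { ok: false, reason: "missing numeric exp claim" };
  }
  return { ok: true, payload };
}

// Spreading the decoded value into an object reproduces the {"0":"n",...} view
// shown in the thread: the refreshed payload is the JSON string "null".
function asObjectView(token) {
  return { ...decodeSegment(token) };
}

console.log(checkPayload(LOGIN_TOKEN));
console.log(checkPayload(REFRESH_TOKEN));
console.log(asObjectView(REFRESH_TOKEN));
```
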

Hey @ErwinLiemburg — we have an entire new auth flow that resolves this issue and several others. It also adds the ability to stay logged in for any amount of time. It will be released in our next version in about 2 weeks.

@benhaynes That sounds great. Can't wait to get it.

> Hey @ErwinLiemburg — we have an entire new auth flow that resolves this issue and several others. It also adds the ability to stay logged in for any amount of time. It will be released in our next version in about 2 weeks.

Has the version already been released? I just updated to rc98 and the App doesn't refresh the token anymore, whereas rc95 was working perfectly. It means that after some time I need to manually reload the page to log in again.
