Detect user’s JWT expired #1705

New Issue

jtojnar · 2020-02-18T05:53:49Z

jtojnar commented

2020-02-18 05:53:49 +00:00

When JWT expires, the front-end should show a login form instead of throwing a bunch of errors in notifications.

Though we should make sure that data is not discarded, for example when JWT expires during the time user is editing a task description.

When JWT expires, the front-end should show a login form instead of throwing a bunch of errors in notifications. Though we should make sure that data is not discarded, for example when JWT expires during the time user is editing a task description.

konrad commented

2020-02-18 18:17:54 +00:00

The second part sounds slightly harder to solve.

At best, the jwt token would be renewed in reccurring intervals, in the best case we could do this with some support of the service worker

The second part sounds slightly harder to solve. At best, the jwt token would be renewed in reccurring intervals, in the best case we could do this with [some support of the service worker](https://stackoverflow.com/a/44783400/10924593)

tpansino commented

2020-06-12 17:18:14 +00:00

The main reason the JWT expires is that the user leaves the app or tab to do something else, no? So if it's possible with the workers or some other browser hook, on resume of the app/tab session, do a quick check to see if the JWT is valid, and redirect to login if not.

I'm not a front-end engineer, but that should generally prevent the user from having a chance to enter in data in a form that might be lost, no?

The main reason the JWT expires is that the user leaves the app or tab to do something else, no? So if it's possible with the workers or some other browser hook, on resume of the app/tab session, do a quick check to see if the JWT is valid, and redirect to login if not. I'm not a front-end engineer, but that should generally prevent the user from having a chance to enter in data in a form that might be lost, no?

konrad commented

2020-06-12 18:03:51 +00:00

Checking (and maybe renewing) if a tab becomes active sounds like a good idea. My solution so far was to simply try to renew the token every few minutes, but that seems to have issues.

I've pushed an update to attept renewing the token every time the browser tab gains focus again in dc29604f94. We'll see how this works in practice.

Checking (and maybe renewing) if a tab becomes active sounds like a good idea. My solution so far was to simply try to renew the token every few minutes, but that seems to have issues. I've pushed an update to attept renewing the token every time the browser tab gains focus again in https://kolaente.dev/vikunja/frontend/commit/dc29604f94634e20de2b14481cb6ddf1b46d3fcc. We'll see how this works in practice.

konrad commented

2020-11-12 19:23:41 +00:00

I havn't noticed any issues with renewing the token every time the window gains focus so far, therefore I'll close this issue. The error handling was also improved so that you'll just get redirected to the login page if you visit Vikunja after a token expired - no confusing error message.

Feel free to reopen if you encounter any issues.

I havn't noticed any issues with renewing the token every time the window gains focus so far, therefore I'll close this issue. The error handling was also improved so that you'll just get redirected to the login page if you visit Vikunja after a token expired - no confusing error message. Feel free to reopen if you encounter any issues.

konrad closed this issue

2020-11-12 19:23:41 +00:00

konrad referenced this issue from a commit

2024-02-07 14:00:33 +00:00

fix(deps): update sentry-javascript monorepo to v6.19.0 (#1705)

Sign in to join this conversation.