You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Also, you have to make 3 calls to refresh an expired token:
The call you actually want to make, which is denied and returns that the token has expired
The token refreshing call -> returns the token so you can save client side
The call you actually want to make, again (now with the refreshed token)
I don't know if theres a specific reason for it, but it seems a bit like bad design for me. Perhaps a better workflow with one round trip to the server would be:
The call you actually want to make -> Server side checks that the token has expired, checks for the refresh window -> if it's in the refresh window, make the call and return 'token expired' with a new token. You check and save the token client side.
Trying to Refresh a token returns "Invalid token":
Fixed when I remove the refresh rout from the api.auth middleware group:
The text was updated successfully, but these errors were encountered: