Where to place the logic of “fading out” of the token?

A

Artur Karapetyan2019-07-04 08:30:57

Vue.js

Artur Karapetyan, 2019-07-04 08:30:57

Hello, there is

vuex action for login

login: ({ commit, dispatch }, data) =>
    new Promise((resolve, reject) => {
      apiClient
        .post('/auth', data)
        .then(resp => {
          const { access_token: token, expiryDate } = resp.data;

          localStorage.setItem('access_token', token);

          apiClient.defaultConfig.headers.Authorization = `Bearer ${token}`;

          commit('login', token);

          dispatch('getUserInfo');
          .....

          resolve(resp);
        })
        .catch(err => {
          localStorage.removeItem('access_token');
          console.error(err);
          reject(err);
        });
    })

data argument in action

{
  login: String,
  password: String,
  remember: Boolean
}

If remember === true was passed to the action, then the token must be saved until logout

resp.data

{
  access_token: ...,
  expiryDate: YYYY-MM-DD hh:ii:ss
}

I can’t decide where it’s better to place the logic for checking the token for rottenness with something like

if (new Date(expiryDate) >= new Date()) удалить токен...

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vitaly Khomenko, 2019-07-04
@architawr

I don't understand why this should be done on the FE side? Let BE know the lifetime of the token, and it will report the fact of decay when requested. You were given a token, you remember it and use it. If, upon request, the server returned a status code about a rotten token, then only then do you make a request to regenerate the token or re-authorize, depending on the specifics of the project.