Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Token lifetime / Expiration #60

Open
Schoof-T opened this issue Feb 12, 2024 · 3 comments
Open

Token lifetime / Expiration #60

Schoof-T opened this issue Feb 12, 2024 · 3 comments

Comments

@Schoof-T
Copy link

Schoof-T commented Feb 12, 2024

I'm trying to understand the BFF pattern better and I have a question.

How do we check if the access token we are using is still valid? Should we not be redirected to the login page after a certain period, or is all of that handles automatically by some middleware? How is this checked and performed?

Currently it seems to me, once you login, you're logged in forever. The auth cookie / token just seem to stay valid forever, I can leave the application, come back the next day and still be signed in.

Sorry if this is not the correct place to ask this, but I wasn't sure where else to. 😅

Thanks

@damienbod
Copy link
Owner

Hi @Schoof-T When you get the AT back from the identity provider. a expired by property is also returned. You need to read this and set the cache to expire or implement the refresh process using this

Greetings Damien

@Schoof-T
Copy link
Author

Schoof-T commented Mar 1, 2024

Thanks! Would be nice to have an example of this in the template, I feel like it's something every application needs right?

@damienbod
Copy link
Owner

True, I wanted to keep the template basic, I should have an example somewhere, if not I will crate one, but I am busy and have a backlog infront of this

Greetings Damien

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants