Refresh Token Strategy

[Rykuno]

As far as I can tell, the GQLAuthGaurd.ts will throw an UnauthorizedException if a token is expired; letting the client know to issue a call to refresh the access token.

Does this mean the browser could be using an old token to identify itself if a call to a protected route(with the auth gaurd which verifies) is never made?

I'm looking for a way to essentially check the validity of tokens upon each call and to apply it globally utilizing the APP_GUARD. I'm a bit new to Nest and looking for how I might go about it utilizing this repo.

Some guard globally that says
(1) If client has an access token, check validity and issue an error to refresh if needed
(2) If client has no access token(is not logged in) do nothing

  {
      provide: APP_GUARD,
      useClass: ValidSessionGuard,
    },

[Rykuno]

Essentially I wanted to verify each token so it wouldn't just refresh the access token on private routes and I could access context in any resolver without a guard. Here's how I solved it.

global-auth-guard.ts

import {
  Injectable,
  ExecutionContext,
  UnauthorizedException,
} from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { GqlExecutionContext } from '@nestjs/graphql';

@Injectable()
export class OptionalAuthGuard extends AuthGuard('jwt') {
  getRequest(context: ExecutionContext) {
    const ctx = GqlExecutionContext.create(context);
    return ctx.getContext().req;
  }

  handleRequest(err, user, info) {
    if (info?.name === 'TokenExpiredError') {
      throw new UnauthorizedException();
    }

    if (err) {
      throw err || new UnauthorizedException();
    }

    return user;
  }
}

Then in your app.module.ts set it as a global provider

...
  providers: [
    AppService,
    AppResolver,
    DateScalar,
    {
      provide: APP_GUARD,
      useClass: OptionalAuthGuard,
    },
  ],