Interceptor
tarsil opened this issue · 0 comments
tarsil commented
Nice boilerplate, by the way, and thank you for inspiring me on this, but I realised that there is something missing there (interceptor). You validate for 403 and 401 if the request is the same as the refresh, and for 403 if something else, but you forgot to validate for a 401 in case the user token is no longer valid but the token is still refreshable (Google recommends a maximum of 200 days for refreshable tokens).
return next.handle(request).pipe(catchError(error => {
  const isRefreshable = this.authService.isRefreshable();
  if (error instanceof HttpErrorResponse && (error.status === 401 || error.status === 403)
      && request.url === `${environment.apis.v1}/auth/token/refresh`) {
    // We do another check to see if the refresh token failed.
    // In this case we want to log the user out and redirect them to the login page.
    // console.log('on your way out')
    this.authService.logout();
    return throwError(error);
  } else if (error instanceof HttpErrorResponse && error.status === 403) {
    // 403 on any other request: hand off to the refresh handler
    return this.handle403or401RefreshError(request, next);
  } else if (error instanceof HttpErrorResponse && error.status === 401 && isRefreshable) {
    // 401 on any other request while the token is still refreshable: same handler
    return this.handle403or401RefreshError(request, next);
  } else {
    // Anything else is passed through to the caller unchanged
    return throwError(error);
  }
}));
Becoming something similar to the above (I renamed the 403 function).