spree/spree-api-v2-js-sdk

Spree API v2 always generates a token on each request

channainfo opened this issue · 1 comment

Spree REST API v2 regenerates the access token on each request. This means that the access token needs to be generated on the client side as well, for example:

  1. User logs in to the app using username and password as described here: https://github.com/spree/spree-storefront-api-v2-js-sdk#gettoken.
  2. We get the response token (access token, refresh token and other things). We save the response token in persistent storage.
  3. Client sends a request to an endpoint, for example the product details endpoint, using the access token we saved in persistent storage. The server processes the request and then regenerates the access token.
  4. Client sends another request to the server. As the server regenerated the access token, our current access token in storage is no longer valid. We have to get a new access token using the refresh token. So we will end up generating an access token using the refresh token before sending a request to an endpoint, i.e. we are required to make two requests.

Is this too overloaded? The server regenerates the access_token, and in the case of this lib we also have to generate the access token, so that twice the number of access token records are created on the server.

Is there any approach to handling this? This is the case I face building an app in Flutter using Spree REST API v2.

Describe the solution you'd like.

I think it is better to allow the client to generate a token with JWT, and then have the server validate the token using a secret key shared by client and server. The token can be generated every time by the client before sending a request to the server.

Hi @channainfo,

In stock Spree 4, the access token is not required to fetch product details. Also, the access token doesn't need to be regenerated on every request. The default expiration time is 2 hours as defined by Doorkeeper.

Can you please provide example code and specify the Spree version you use?

(spree/spree#10595)
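Added example, not part of the original thread and not the SDK's own code: a client-side token cache that reuses the stored access token until it nears the expiry mentioned in the reply, and refreshes once even when several requests race. The token field names (`access_token`, `refresh_token`, `expires_in`, `created_at`, in seconds) and the injected `refreshFn` wrapper are assumptions.

```javascript
// Added example. Assumed token shape (seconds):
//   { access_token, refresh_token, expires_in, created_at }

const SKEW_SECONDS = 60; // refresh slightly early to absorb clock drift and latency

function expiresAt(token) {
  return token.created_at + token.expires_in;
}

function needsRefresh(token, nowSeconds, skew = SKEW_SECONDS) {
  return nowSeconds >= expiresAt(token) - skew;
}

class TokenManager {
  // refreshFn(refreshToken) -> Promise<token> is a hypothetical wrapper around
  // the client's refresh call. now() returns epoch seconds (injectable for tests).
  constructor(initialToken, refreshFn, now = () => Math.floor(Date.now() / 1000)) {
    this.token = initialToken;
    this.refreshFn = refreshFn;
    this.now = now;
    this.inFlight = null;
  }

  async getAccessToken() {
    if (!this.token) throw new Error('no stored token: log in first');
    // Common path: the stored token is still valid, so no extra request is made.
    if (!needsRefresh(this.token, this.now())) return this.token.access_token;
    // Single-flight: concurrent callers share one refresh request instead of
    // each spending the refresh token and minting another access token.
    if (!this.inFlight) {
      this.inFlight = this.refreshFn(this.token.refresh_token)
        .then((fresh) => {
          this.token = fresh; // persist this to storage in a real app
          return fresh.access_token;
        })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }
}
```

Call `getAccessToken()` before each authenticated request; a failed refresh rejects, which is the signal to send the user back through login.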