[CON/TP]: Handle the "unauthorized error" case when the JWT token expires
Closed this issue · 0 comments
Context/background
In our codebase, Loopback carries the authentication of the users by creating a JWT token for an existing user for their login session. The JWT token has a one-week expiration time. When a token expires, the user needs to re-authenticate and obtain a new token to be able to log in to CON/TP. Currently, if the token has expired and the user opens CON/TP, they get a blank profile page.
What needs to be done?
To handle this scenario, we can implement a process where frontend checks if the JWT token is still valid. If the token has expired, the nestjs can return a specific HTTP status code, such as 401 (Unauthorized), to indicate that the token is no longer valid. The frontend can then handle this error response by redirecting the user to the login page and displaying an informative error message (such as “Your login session has expired. Please log in again.”).
- In libs/data-access/src/lib/graphql-client.ts update the mechanism in graphql client that checks if status code of nestjs response is 401 unauthorized. If so, execute the following logic:
  - Clear the local storage
  - Redirect to login page
  - Include an error message showJwtTokenExpiredMessage
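The three steps above as an added example (not code from the CON/TP repository). `LOGIN_PATH`, the `SessionDeps` injection and passing `showJwtTokenExpiredMessage` as a query flag are assumptions; the check for an `UNAUTHENTICATED` error code inside an HTTP 200 GraphQL body goes beyond the issue and covers servers that report auth failures in the `errors` array.

```typescript
// Added example: decide whether a GraphQL response means the session is over,
// then clear storage and redirect exactly once.
const LOGIN_PATH = '/login'; // hypothetical login route

interface GraphQLBody {
  data?: unknown;
  errors?: Array<{ extensions?: { code?: string } }>;
}

// Browser globals are injected so the logic can be unit-tested. In the client:
//   { storage: window.localStorage,
//     currentPath: window.location.pathname,
//     redirect: (url) => window.location.assign(url) }
interface SessionDeps {
  storage: { clear(): void };
  currentPath: string;
  redirect(url: string): void;
}

// True when the response says the token is missing, invalid or expired.
function isUnauthorized(status: number, body: GraphQLBody | null): boolean {
  if (status === 401) return true;
  const errors = body?.errors ?? [];
  return errors.some((e) => e.extensions?.code === 'UNAUTHENTICATED');
}

// Returns true when the caller should stop processing the response.
function handleAuthFailure(
  status: number,
  body: GraphQLBody | null,
  deps: SessionDeps,
): boolean {
  if (!isUnauthorized(status, body)) return false;

  // Drop the stale token and any cached user data first.
  deps.storage.clear();

  // The target is a fixed path plus a boolean flag: the login page picks the
  // message text itself, so no server-supplied string reaches the URL or DOM.
  // Skipping the redirect on the login page avoids a redirect loop.
  if (deps.currentPath !== LOGIN_PATH) {
    deps.redirect(`${LOGIN_PATH}?showJwtTokenExpiredMessage=true`);
  }
  return true;
}
```

A 403 is deliberately not treated as an expired session: it means the token was accepted but the action is not permitted, so logging the user out would be wrong.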