talent-connect/connect

[CON/TP]: Handle the "unauthorized error" case when the JWT token expires

Closed this issue · 0 comments

Context/background

In our codebase, Loopback handles user authentication by issuing a JWT token to an existing user for their login session. The JWT token has a one-week expiration time. Once a token has expired, the user must re-authenticate and obtain a new token to be able to use CON/TP. Currently, if the token has expired and the user opens CON/TP, they get a blank profile page.

What needs to be done?

To handle this scenario, the frontend needs to detect that the JWT token is no longer valid. When the token has expired, the nestjs backend returns a specific HTTP status code, 401 (Unauthorized), to indicate that the token is no longer accepted. The frontend should then handle this error response by redirecting the user to the login page and displaying an informative error message (such as "Your login session has expired. Please log in again.").

  • In libs/data-access/src/lib/graphql-client.ts, update the GraphQL client so that it checks whether the status code of the nestjs response is 401 Unauthorized. If so, execute the following logic:
      • Clear the local storage
      • Redirect to the login page
      • Show an error message (showJwtTokenExpiredMessage)
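The following is an added example of the behaviour described above; it is not code from talent-connect/connect and does not reproduce its graphql-client.ts. It shows a small GraphQL client wrapper that treats a 401 from the API as an expired session (clear storage, show the message, redirect to login) and additionally checks the token's exp claim locally before sending, so an expired token never produces a blank page at all. The names SessionDeps, handleJwtExpired, graphqlRequest, runScenarios, the API URL and the test token are all hypothetical, and the fake fetch and tokens are constructed inline so the block runs offline:

```typescript
// Added example (not code from talent-connect/connect): a minimal GraphQL
// client wrapper that does what the issue describes. All names here
// (SessionDeps, handleJwtExpired, runScenarios, the URL) are hypothetical.

export const JWT_TOKEN_EXPIRED_MESSAGE =
  'Your login session has expired. Please log in again.';

// What the client needs from the app: storage to wipe, a way to navigate,
// and a way to show the message (the issue calls it showJwtTokenExpiredMessage).
export interface SessionDeps {
  storage: { clear(): void };              // e.g. window.localStorage
  navigate: (path: string) => void;        // e.g. router push or location.assign
  showMessage: (message: string) => void;  // e.g. a toast/snackbar
}

// Subset of fetch's Response that the client relies on; lets tests inject a fake.
export interface HttpResponse { status: number; json(): Promise<unknown>; }
export type FetchLike = (
  url: string,
  init: { method: 'POST'; headers: Record<string, string>; body: string },
) => Promise<HttpResponse>;

// Hand-rolled base64url (ASCII only) so the block runs without atob/btoa.
const B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
export function base64UrlEncode(s: string): string {
  let out = '', acc = 0, bits = 0;
  for (let i = 0; i < s.length; i++) {
    acc = (acc << 8) | (s.charCodeAt(i) & 0xff); bits += 8;
    while (bits >= 6) { bits -= 6; out += B64[(acc >> bits) & 63]; }
    acc &= (1 << bits) - 1;
  }
  if (bits > 0) out += B64[(acc << (6 - bits)) & 63];
  return out;
}
export function base64UrlDecode(s: string): string {
  let out = '', acc = 0, bits = 0;
  for (let i = 0; i < s.length; i++) {
    const v = B64.indexOf(s[i]);
    if (v < 0) throw new Error('invalid base64url');
    acc = (acc << 6) | v; bits += 6;
    if (bits >= 8) { bits -= 8; out += String.fromCharCode((acc >> bits) & 0xff); acc &= (1 << bits) - 1; }
  }
  return out;
}

// Client-side pre-check on the exp claim (seconds since epoch). The signature is
// not verified here; the server stays the authority, this only improves the UX.
export function isJwtExpired(token: string, nowSeconds: number): boolean {
  const parts = token.split('.');
  if (parts.length !== 3) return true;
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1])) as { exp?: unknown };
    return typeof payload.exp !== 'number' || payload.exp <= nowSeconds;
  } catch (_err) {
    return true; // undecodable payload: treat the token as unusable
  }
}

// The logic the issue asks for on a 401: wipe local state, tell the user, go to login.
export function handleJwtExpired(deps: SessionDeps): void {
  deps.storage.clear();
  deps.showMessage(JWT_TOKEN_EXPIRED_MESSAGE);
  deps.navigate('/login');
}

export async function graphqlRequest(
  fetchFn: FetchLike, url: string, token: string, query: string,
  deps: SessionDeps, nowSeconds: number = Math.floor(Date.now() / 1000),
): Promise<unknown> {
  if (isJwtExpired(token, nowSeconds)) { handleJwtExpired(deps); return null; }
  const res = await fetchFn(url, {
    method: 'POST',
    headers: { 'content-type': 'application/json', authorization: `Bearer ${token}` },
    body: JSON.stringify({ query }),
  });
  if (res.status === 401) { handleJwtExpired(deps); return null; }
  return res.json();
}

// Constructed, unsigned test token: only the payload is inspected above.
export function makeTestToken(exp: number): string {
  const enc = (o: object) => base64UrlEncode(JSON.stringify(o));
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'user-1', exp })}.sig`;
}

export interface Outcome { fetchCalls: number; redirectedTo: string | null; message: string | null; cleared: boolean; data: unknown; }

// Three scenarios against a fake API: fresh token + 200, fresh token + 401, locally expired token.
export async function runScenarios(): Promise<Record<string, Outcome>> {
  const now = 1700000000;
  const cases: Array<[string, number, number]> = [
    ['valid', now + 3600, 200], ['serverRejects', now + 3600, 401], ['expiredLocally', now - 1, 200],
  ];
  const results: Record<string, Outcome> = {};
  for (const [name, exp, status] of cases) {
    const o: Outcome = { fetchCalls: 0, redirectedTo: null, message: null, cleared: false, data: null };
    const fetchFn: FetchLike = async () => { o.fetchCalls++; return { status, json: async () => ({ data: { me: { id: 'user-1' } } }) }; };
    const deps: SessionDeps = {
      storage: { clear: () => { o.cleared = true; } },
      navigate: (p) => { o.redirectedTo = p; },
      showMessage: (m) => { o.message = m; },
    };
    o.data = await graphqlRequest(fetchFn, 'https://api.example.test/graphql', makeTestToken(exp), '{ me { id } }', deps, now);
    results[name] = o;
  }
  return results;
}
```

Two caveats worth keeping in mind when wiring this into the real client: a 401 can also mean the token is malformed, revoked or signed with a rotated key, and the same clear-and-redirect path is the right response in all of those cases, so the handler should not try to distinguish "expired" from other 401 causes; and the local exp check is only a convenience that avoids a round trip (clock skew on the client can make it wrong in either direction), so the 401 branch must stay in place regardless.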