How to refresh JWT token using interceptors in angularjs? -


i having application back-end implementation in lumen gives jwt token every time user logs in. front end using angular save token in local storage , adding headers in subsequent requests. check expiry of token , refresh creating request using https://github.com/auth0/angular-jwt

i adding token refresh code in config of app method never called when make other requests here code tried.

app.config(function config($httpprovider, jwtinterceptorprovider) {     jwtinterceptorprovider.tokengetter = function(jwthelper, $http,$localstorage) {      if ($localstorage.currentuser) {     var token = $localstorage.currentuser.token;     if (jwthelper.istokenexpired(token)) {        return $http({         url: 'http://backend.mywebsite.com/token',         method: 'get'       }).then(function(response) {         var token = response.token;       $localstorage.currentuser.token = token;       $http.defaults.headers.common.authorization = 'bearer ' +   $localstorage.currentuser.token;         return token;       });     } else {       return token;     }   } } $httpprovider.interceptors.push('jwtinterceptor'); }); 

i know how configure functionality whenever token expires automatically refeshed , set in http headers?

points should consider

  1. you shouldn't change default headers inside tokengetter function.
  2. if token expired, can't call token endpoint.

you have 2 options, can use refresh tokens , make post request delegation endpoint makes use of refresh tokens obtain new(not-expired) token.

or

you can update jwt delegation endpoint , request new access token before token expires. if token has expired , there no refresh_token, can't anything.

a refresh token special kind of jwt used authenticate user without them needing re-authenticate. carries information necessary obtain new access token.

in other words, whenever access token required access specific resource, client may use refresh token new access token issued authentication server. common use cases yours include getting new access tokens after old ones have expired, or getting access new resource first time. refresh tokens can expire rather long-lived.

a sample code example using refresh token obtain new token after token has expired can found below:

angular.module('app', ['angular-jwt'])     .config(function config($httpprovider, jwtinterceptorprovider) {         jwtinterceptorprovider.tokengetter = function(jwthelper, $http) {             var jwt = localstorage.getitem('jwt');             var refreshtoken = localstorage.getitem('refresh_token');              if (jwthelper.istokenexpired(jwt)) {                 // promise of jwt id_token                 return $http({                     url: '/delegation',                     // not send jwt call                     skipauthorization: true,                     method: 'post',                     refresh_token : refreshtoken                 }).then(function(response) {                     localstorage.setitem('jwt', response.data.jwt);                     return jwt;                 });             } else {                 return jwt;             }         }         $httpprovider.interceptors.push('jwtinterceptor');     }) 

if want more information refresh tokens , how work, can check out article.


Comments

Popular posts from this blog

Spring Boot + JPA + Hibernate: Unable to locate persister -

go - Golang: panic: runtime error: invalid memory address or nil pointer dereference using bufio.Scanner -

c - double free or corruption (fasttop) -