Improve Access and Refresh Key Management in Frontend Login Implementation #1508
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Description:
The current frontend login implementation has an issue with the handling of the access and refresh keys:
Access Key Expiration: The Access Key expires after five minutes.
Expected Behavior: The Access Key should be refreshed proactively based on its timestamp before expiration using the Refresh Key.
Current Behavior:
We let the Access Key expire.
On the first "Unauthorized" response, we then refresh the Access Key.
If the refresh attempt fails multiple times, the user is logged out. Otherwise, everything continues to work as expected.
Steps to Improve:
Implement proactive Access Key refresh logic that checks the expiration timestamp.
Update the logic to refresh the Access Key before it expires, avoiding the need to handle "Unauthorized" responses.
Ensure fallback logic still gracefully handles cases where refresh attempts fail.
Impact:
Proactive handling will reduce unnecessary "Unauthorized" responses and improve user experience by minimizing disruptions.
The text was updated successfully, but these errors were encountered: