I am trying to implement refresh tokens right now.
I have passed the `getAccessTokenSilently` function for fetching access tokens + refreshing access tokens directly to my axios instance so that it will automatically attach the header before making API requests to my server:
```typescript
// axiosClient is the app's shared axios instance, defined elsewhere.
export const addAccessTokenInterceptor = (
  getAccessTokenSilently: () => Promise<string | undefined>
) => {
  axiosClient.interceptors.request.use(
    async (config: any) => {
      // Fetch (or silently renew) the access token before each request.
      const accessToken = await getAccessTokenSilently();
      return {
        ...config,
        headers: {
          ...config.headers,
          'x-auth-token': accessToken,
        },
      };
    },
    (error) => Promise.reject(error)
  );
};
```
I have refresh token rotation turned on, and the happy path seems to work fine. When the access token is almost expired, a new one is fetched and replaces it.
However, when I try to test revoking the refresh token, I notice that a new valid access token is still being regenerated. What I expected to happen is for the `Promise.reject(error)` above to fire, but it doesn’t.
But when I look in the network tab, I do see that the refresh token was marked as invalid when trying to fetch a new token:
Why is a new valid access token being returned even though the refresh token is invalid? Is there a way to catch the error or fire a callback if it fails?
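
On the last question in the post (catching the failure or firing a callback), an added example that is not part of the original post: an error thrown inside the interceptor's first handler never reaches the second handler of the same `use()` pair, so the token failure has to be caught inside the handler, which here notifies the app and aborts the request. `makeTokenInterceptor`, `TokenUnavailableError`, `onAuthFailure`, `runRequest` and `demo` are hypothetical names, `runRequest` is a simplified model of how one interceptor pair is chained, and the failing token getter is constructed.

```typescript
type RequestConfig = { url: string; headers: Record<string, string> };
type TokenGetter = () => Promise<string | undefined>;

class TokenUnavailableError extends Error {
  reason: unknown;
  constructor(reason: unknown) {
    super('access token could not be obtained');
    this.name = 'TokenUnavailableError';
    this.reason = reason;
  }
}

// Catch the token failure inside the handler, notify the app, and abort the
// request so it is never sent without a valid token (fail closed).
function makeTokenInterceptor(getToken: TokenGetter, onAuthFailure: (reason: unknown) => void) {
  return async (config: RequestConfig): Promise<RequestConfig> => {
    let token: string | undefined;
    let reason: unknown = new Error('token getter returned no token');
    try { token = await getToken(); } catch (err) { reason = err; }
    if (!token) {
      onAuthFailure(reason);
      throw new TokenUnavailableError(reason);
    }
    return { ...config, headers: { ...config.headers, 'x-auth-token': token } };
  };
}

// Simplified model of one request.use(onFulfilled, onRejected) pair: both go
// into a single then(), so onRejected never sees an error thrown by onFulfilled.
function runRequest(config: RequestConfig,
                    onFulfilled: (c: RequestConfig) => Promise<RequestConfig>,
                    onRejected: (e: unknown) => Promise<never>): Promise<RequestConfig> {
  return Promise.resolve(config).then(onFulfilled, onRejected);
}

async function demo() {
  let rejectedCalls = 0, failureCallbacks = 0, errorName = '';
  const onRejected = (e: unknown) => { rejectedCalls++; return Promise.reject(e); };
  const cfg: RequestConfig = { url: '/api/items', headers: { accept: 'application/json' } };
  // Constructed failure standing in for a rejected token renewal.
  const revoked: TokenGetter = () => Promise.reject(new Error('constructed: renewal rejected'));
  try { await runRequest(cfg, makeTokenInterceptor(revoked, () => { failureCallbacks++; }), onRejected); }
  catch (e) { errorName = (e as Error).name; }
  const ok = makeTokenInterceptor(async () => 'constructed-token', () => { failureCallbacks++; });
  const sent = await runRequest(cfg, ok, onRejected);
  return { rejectedCalls, failureCallbacks, errorName, header: sent.headers['x-auth-token'] };
}
```

This only fires when the token getter itself rejects or returns nothing; it does not change whether the token endpoint issues a new token.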