Refresh an existing
The current implementation of
getAccessToken already does that; it checks the token expiration date, and if a
refresh_token exists then it refreshes the first one.
On the other side
getSession does not seem to do this. Therefore, since a user can access the
access_token through this method, one can easily run into a
401 by using the token provided.
getSession called internally
getAccessToken to populate the token, the problem would be solved.
In addition to this, I want to take the opportunity to suggest improving the exception management within
withPageAuthRequired, so when some exceptions are thrown the user gets redirected to the login screen. This way, lots of internal server errors would be saved.
I currently have a default layout which requires authentication. On load, it reads the
access_token to perform data fetching from my backend. The thing is that I randomly get
401s when I use the app from time to time, and after some search I trully think this is due to using
getSession instead of