Feature:
Refresh an existing access_token inside getSession
Description:
The current implementation of getAccessToken already does that; it checks the token expiration date, and if a refresh_token exists then it refreshes the first one.
On the other side getSession does not seem to do this. Therefore, since a user can access the access_token through this method, one can easily run into a 401 by using the token provided.
If getSession called internally getAccessToken to populate the token, the problem would be solved.
In addition to this, I want to take the opportunity to suggest improving the exception management within withPageAuthRequired, so when some exceptions are thrown the user gets redirected to the login screen. This way, lots of internal server errors would be saved.
Use-case:
I currently have a default layout which requires authentication. On load, it reads the access_token to perform data fetching from my backend. The thing is that I randomly get 401s when I use the app from time to time, and after some search I trully think this is due to using getSession instead of getAccessToken.