##Before getting to the actual question
Alright I have created my own authentication system that I am going to use on my API.
/signup the user types in username, password etc… the API grants the user with
tokens which are stored in the user document in the database. The API also returns with a response body with the new
accessToken, my thought here is so the app easily can store the tokens on the phone for later calls to the API.
/login is pretty much the same thing except you only provide username and password.
One of the routes in the API is the
/article which you can
Now if you try to for example
/article and your
accessToken is expired the API will automatically call
/token which requires the
refreshToken in the header, the
/token will then grant you a new
accessToken and request the same route you were trying to get (in this case
/article) with the new
accessToken in the header.
What is the best way to update the
accessToken in the app with the new
router .route('/article') .get( AuthenticateController.authenticate, NewsController.getAllArticles, AuthenticateController.sendAuthorize );
This is how I do it now,
AuthenticateController.authenticate authenticates the accessToken and checks if it is expired and all that then calls
NewsController.getAllArticles gets all the articles and also calls
next() so the
AuthenticateController.sendAuthorize can run and return the new
accessToken in the response header when a new one is granted (I thought this would make it easier to obatin the new token in the app). This is where my question comes in because I can’t call
next() on every route because on some routes the main function already returns a response and that means that
next() cannot be called which means
AuthenticateController.sendAuthorize will never run. I want the
AuthenticateController.authenticate to be the only middleware required to authenticate the user.