Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
dan-pud8584yThat sounds like a bad idea. What are you using to manage your tokens?
Services like Cognito or Auth0 can just do it for you. -
@dan-pud keycloak, and i can just get new tokens fine.
But im also using apollo client(because graphql), and theres nobody talking about how to handle expired keys with that -
dan-pud8584y@dakkarant whether you're using rest or graphql the logic should be the same. Request tokens from service. Attach a token to a request, the server checks it, if valid process request, if expired (or not valid) reject request. Client then needs to go back to token service and exchange refresh token then try the request again with the new token.
Managed services and sdks will do all this for you in background. -
@dan-pud yes the whole refreshing thing works, but apollo doesnt have anything build in it seems to retry on a failed request
(they do but that only triggers on network errors, not graphql errors)
Related Rants
-
rudinskiz11how to be a shitty client: - have a legacy database where column names are misspelled and everything is nulla...
-
pseudoaj1Worst coding mistake: forget to remove print statement that prints user authentication details.
-
delegate2128We have a portal which uses Windows Integrated auth that lists out all off our internal sites. Navigating to...
fuck it, im giving my users permanent access tokens, because for some reason using refresh tokens is black magic to the internet -.-
rant
auth