Random
04/12/2023, 5:35 PMrp
04/12/2023, 5:37 PMimport Session from "supertokens-auth-react/recipe/session";
Session.init({
onHandleEvent: (context) => {
if (context.action === "SIGN_OUT") {
// called when the user clicks on sign out
} else if (context.action === "REFRESH_SESSION") {
// called with refreshing a session
// NOTE: This is an undeterministic event
} else if (context.action === "UNAUTHORISED") {
// called when the user doesn't have a valid session but made a request that requires one
// NOTE: This event can fire multiple times
if (context.sessionExpiredOrRevoked) {
// the sessionExpiredOrRevoked property is set to true if the current call cleared the session from storage
// this happens only once, even if multiple tabs sharing the same session are open, making it useful for analytics purposes
}
} else if (context.action === "SESSION_CREATED") {
// Called when session is created - post login / sign up.
} else if (context.action === "ACCESS_TOKEN_PAYLOAD_UPDATED") {
// This is called when the access token payload has been updated
}
}
})
Random
04/12/2023, 5:40 PMsession.getAccessTokenPayloadSecurely()
works as intended but if the token is refreshed and we need to update the websocket authentication header, it will not know as there's no dependency that has changed. I think using the event system that you've posted might be useful as i might be able to update everything that depends upon the last jwt (the idea is just to provide awareness even though the components might invoke session.getAccessTokenPayloadSecurely()
)rp
04/12/2023, 5:41 PMRandom
04/17/2023, 7:36 PMSession.getAccessTokenPayloadSecurely
?rp
04/18/2023, 6:20 AMSession.getAccessTokenPayloadSecurely()
, it will refresh the session if required and add the latest jwt into it.Random
04/18/2023, 12:22 PMSession.getAccessTokenPayloadSecurely()
as what i can about is the JWT to forward to websockets/apollo client. There's no reactive state with the default Session recipe. Let's say you have a websocket connection and at some point you're JWT expired and goes into the refresh flow. The websocket exchange will fail if it doesn't get the latest JWT which i can get from Session.getAccessTokenPayloadSecurely()
but i've seen sometimes refresh happening right after the session is created 🤔rp
04/18/2023, 12:31 PMawait Session.getAccessTokenPayloadSecurely()
when adding the JWT to the socket event. Always.
> but i've seen sometimes refresh happening right after the session is created
This is odd, and shouldn't happen. How can we reproduce this?Random
04/18/2023, 1:07 PMSession.getAccessTokenPayloadSecurely()
. If you had to construct a React component that creates an apollo client, how would you guarantee that the token is always up-to-date? 🤔 (not even bringing the possibility of memoization as it would require having jwt as a dependency)rp
04/18/2023, 1:23 PMawait Session.getAccessTokenPayloadSecurely()
, and that's really the only way to guarantee.Random
04/18/2023, 1:24 PMSession.getAccessTokenPayloadSecurely()
in a dumb react component, you'll see that once the refresh flow/sign ou kicks in, the initial hydrated state that i was able to get using that Session method will never be in syncrp
04/18/2023, 1:25 PMawait Session.getAccessTokenPayloadSecurely()
as late as possible - when you are making the network request.Random
04/18/2023, 1:27 PMSESSION_CREATED
having the JWT/payload includedrp
04/18/2023, 1:30 PMRandom
04/18/2023, 1:47 PMrp
04/18/2023, 1:51 PM