Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token may be expired by the time server receives it #1843

Open
4 of 5 tasks
aghArdeshir opened this issue Mar 28, 2023 · 0 comments
Open
4 of 5 tasks

Token may be expired by the time server receives it #1843

aghArdeshir opened this issue Mar 28, 2023 · 0 comments
Labels
bug

Comments

@aghArdeshir
Copy link

Version

module: 5.0.0-1667386184.dfbbb54
nuxt: ^2.16.2

Nuxt configuration

mode:

  • universal
  • spa

Nuxt configuration

Reproduction

⚠️ without a minimal reproduction we won't be able to look into your issue

What is expected?

User is logged in, they open a page in the app, the page initiates a request, the nuxt auth module checks if the token is expired or not, suppose it is 12:00:00 and the token expiration time is 12:00:01. The nuxt auth module decides it is not necessary to refresh the token and proceeds with the original request without refreshing token. Because of DNS hop, maintainance error, time skew between user and authentication/oidc server, or whatever, the request takes 2 seconds to reach the server and by the time the server is examining it, the token is already expired.

When an $axios request is being initiated, according to configs having global: true nuxt auth module checks if the token is expired and refresh token is valid, and if that is the case, it does not send any request to refresh token, but if the token is expired, and refresh token is active, it sends a request to refresh the token before proceeding with the original $axios request. I expect this check to consider time difference between when the request is initated and the time the server receives the request. (Ideally by a config option)

I expect there to be an option in the config that I can set to presume a "n" number of seconds to check for token expiration before sending request. Based on my server or requirements or importance of the application I can adjust "n" to 1 second, 2 seconds, 5 seconds or 10 seconds or whatever.

Psuedo code of what I have in mind:

userAdjustedTimeSkew = 5000 (milliseconds)
if (token.isExpired || token.expirationTime - currentTime > userAdjustedTimeSkew) {
  await refreshTOken()
}
proceedWithORiginalReuest().

What is actually happening?

We experienced this actual scenario on a slow internet connection. The token was vlaid when JS in browser was examining it, but by the time the server received it, it was expired and 401 was returned. Our users may experience a slow connection too.

Steps to reproduce

// hard to reproduce, I cannot setup a temporary auth server and make it be slow!

Additional information

Checklist

  • I have tested with the latest Nuxt version and the issue still occurs
  • I have tested with the latest module version and the issue still occurs
  • I have searched the issue tracker and this issue hasn't been reported yet

Steps to reproduce

What is expected?

What is actually happening?

Performance analysis?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aghArdeshir