Enforce session refresh in admin interface before token expires #53

Open
GabrielMajeri opened this issue Apr 3, 2024 · 0 comments
Labels
admin-interface Issues related to the admin interface back-end Issue related to the back end logic of the application enhancement New feature or request front-end Issue relating to UI/UX

Comments

@GabrielMajeri
Member

Based on a discussion with George, we've determined that we should somehow handle the scenario where the user's JWT authentication token has silently expired and the API calls start failing for no apparent reason.

The only solution we can use (since NextAuth doesn't retrieve or store the refresh token from MS365) is to force the user to periodically sign back in to the app some time before the token expires, to ensure it stays fresh. We can implement a check to do so, but we should also display a message to the admin to let them know they're going to be signed out and will lose any unsaved changes. This could be done using a toast notification or some banner at the top of the page.

@GabrielMajeri GabrielMajeri added enhancement New feature or request front-end Issue relating to UI/UX back-end Issue related to the back end logic of the application admin-interface Issues related to the admin interface labels Apr 3, 2024
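
One way to implement the check described in the issue, as an added example that is not part of the issue or the project's code: read the JWT's `exp` claim and classify the session as fresh, close enough to expiry to warn the admin, or due for a forced sign-in. The function names, the two thresholds and the sample token builder are assumptions made for illustration.

```javascript
// Added example, not project code. Both thresholds are assumed values.
const WARN_BEFORE_SEC = 10 * 60;  // show the banner/toast 10 minutes before expiry
const REAUTH_BEFORE_SEC = 2 * 60; // force a new sign-in 2 minutes before expiry

// Read the `exp` claim (seconds since the epoch) from a JWT WITHOUT verifying
// the signature. This only schedules UI; the API must still validate the token.
// Buffer is Node-specific; browser code would decode the segment with atob().
function readExpiry(jwt) {
  if (typeof jwt !== "string") return null;
  const parts = jwt.split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
    const claims = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    return Number.isFinite(claims.exp) ? claims.exp : null;
  } catch {
    return null; // payload is not valid JSON, or not an object
  }
}

// Classify the session. A token that cannot be read is treated as expired
// (fail closed), so the admin is asked to sign in again rather than left
// with API calls that fail silently.
function sessionState(jwt, nowMs = Date.now()) {
  const exp = readExpiry(jwt);
  if (exp === null) return { state: "reauth", secondsLeft: 0 };
  const secondsLeft = Math.floor(exp - nowMs / 1000);
  if (secondsLeft <= REAUTH_BEFORE_SEC) {
    return { state: "reauth", secondsLeft: Math.max(secondsLeft, 0) };
  }
  if (secondsLeft <= WARN_BEFORE_SEC) return { state: "warn", secondsLeft };
  return { state: "fresh", secondsLeft };
}

// Constructed sample token for trying the check offline; the signature
// segment is a dummy string and the token is not valid anywhere.
function makeConstructedToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
```

A client component could call `sessionState` on a timer, show the unsaved-changes warning while the state is `warn`, and start the sign-in flow once it is `reauth`.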