Summary
When a user logs in on the frontend, a Bearer Token is given to the frontend. This Bearer Token has an expiry date, and once that date is reached the token is no longer valid. The frontend does not check this expiry date, so when the token expires, the frontend displays normally, but certain actions that require authentication fail.
Expected Behavior
The frontend should check for token expiry on every page change. If the token has expired, unset the token in the local storage and go back to the login page.
Current Behavior
Instead of the expiry date being checked, the user is allowed to use the frontend with an expired token, but gets errors when making API requests to the backend. For example, going to the Application page results in a non-descriptive error.
Possible Solution
Every time the page changes or an API endpoint is called and fails, check for token expiry. If it is expired, unset the token and get the user to log in again.
Steps to Reproduce
- Log in to the app in the frontend
- After one day, try to load the applications page. You can check the expiry date of the current token in the inspector (Storage -> Local Session)
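One way to implement the check described under Possible Solution, as an added example that is not the project's own code. The storage key, the stored record shape (`token` plus an ISO 8601 `expiresAt`), the login route and all function names are assumptions; in the browser, pass `window.localStorage` as `storage`.

```javascript
// Added example, not the project's code. Assumed: the login response is stored
// as JSON {"token": "...", "expiresAt": "<ISO 8601 date>"} under STORAGE_KEY.
const STORAGE_KEY = "auth";   // hypothetical key name
const LOGIN_PATH = "/login";  // hypothetical route
const SKEW_MS = 30 * 1000;    // treat tokens about to expire as already expired

// Returns the stored token if it is still usable, otherwise null.
// Fails closed: a missing, unparsable or undated record counts as expired.
function getValidToken(storage, now = Date.now()) {
  const raw = storage.getItem(STORAGE_KEY);
  if (raw === null) return null;
  let record;
  try { record = JSON.parse(raw); } catch { return null; }
  if (!record || typeof record.token !== "string") return null;
  const expiresAt = Date.parse(record.expiresAt);
  if (Number.isNaN(expiresAt) || expiresAt - SKEW_MS <= now) return null;
  return record.token;
}

// Drop the stored credential and send the user to the login page.
function forceLogin(storage, navigate) {
  storage.removeItem(STORAGE_KEY);
  navigate(LOGIN_PATH);
}

// Call from the router hook that runs before every page change.
// Returns true when navigation to targetPath may proceed.
function guardRoute(targetPath, storage, navigate, now = Date.now()) {
  if (targetPath === LOGIN_PATH) return true;
  if (getValidToken(storage, now) !== null) return true;
  forceLogin(storage, navigate);
  return false;
}

// Wrap API calls: skip the request when the token has already expired, and
// treat a 401 from the backend as authoritative even if the local clock disagrees.
async function apiFetch(url, storage, navigate, fetchImpl = fetch) {
  const token = getValidToken(storage);
  if (token === null) {
    forceLogin(storage, navigate);
    throw new Error("session expired");
  }
  const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${token}` } });
  if (res.status === 401) {
    forceLogin(storage, navigate);
    throw new Error("session expired");
  }
  return res;
}
```

The client-side expiry check only improves what the user sees; the backend's rejection of the expired token remains the actual enforcement point.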