Skip to content

Proposal: Enable flexible token refresh

Background

Hello, continuing from #19, I would like to discuss a feature that I think would be beneficial.

Current Challenge

Regarding token refresh, the timeout is currently set by Effect and is executed when the timeout occurs. This timeout is set to 30 seconds before the token expires, as defined by REFRESH_TOKEN_SECONDS_BEFORE. As a result, if a user whose ID token or access token has expired attempts to resesson within the refresh token's validity period, this Effect does not apply, and the user is required to log in again.

Proposed Enhancements

To further improve the user experience, it would be nice to have a mechanism that refreshes tokens appropriately when resuming a session.

For example

  • If the refresh token expires when reading TokenStorage, call refresh_token_request() at that time.
  • Make it possible to change the timeout time set in Effect in AuthParameter. (A mechanism to skip this if only the ID token is present may also be necessary)
  • Allow library users to refresh tokens at any time. This could be achieved by wrapping refresh_token_request() in something like an Action and exposing it externally via AuthSignal, etc.

I hope this library continues to grow!

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information