Hello. This is my first time posting in this subreddit.I have a question I need some help with.I have user jwt for authentication. My node app is now sending a jwt to the client upon logging in. But now, I also want to send a refresh token. It is to my understanding, that the refresh token doesn't have to be of jwt type, but just a simple token. So, what should the flow be like?I think that I must send the refresh token with the access token after log in (the refresh token obviously will have a much bigger expiration time than the access token).As my app stands right now, I use a middleware for all protected routes to check for authentication. I guess that this is where I have to write the code for the exchange in case the access token is expired, and more specifically, in the catch case by checking the name of the error (?). But how exactly would i accomplish that?This is my middleware code.const jwt = require('jsonwebtoken');exports.checkAuthentication = (req, res, next) => {const authHeader = req.get('Authorization');if(!authHeader){const error = new Error('Not authenticated');error.statusCode = 401;throw error;}const token = authHeader.split(' ')[1];let decodedToken;try{decodedToken = jwt.verify(token, process.env.JWT_SECRET);} catch(err){// if (err.name === 'TokenExpiredError')// { check if refresh token is valid(?) and send new access token (?)}err.statusCode = 500;throw err;}if(!decodedToken){const error = new Error('Not authenticated')error.statusCode = 401;throw error;}req.userId = decodedToken.userId;next();};Could you please give me some help? :)
Submitted October 17, 2019 at 11:41AM by MonkeyDkon
No comments:
Post a Comment