Tokens seem to have a very short lifespan #73
Comments
Hi @dbesserman, the token life span is controlled by the devise-token-auth Please let me know if this solves your problem.
Hi @00dav00
After a bit of experimentation I realized that I do not lose the authentication after a certain amount of time. I lose the authentication when I click on another tab of my browser. If I stay on the same tab and I keep calling the API I can use the application for 5 minutes without losing the authentication. I'm using Chrome, but I get the same behaviour whether I use private navigation with Chrome or Firefox.
Hey @dbesserman, I think your problem might be related to this configuration So just do
About the trackable module, we just run the generators for the underlying gems that this one uses. So the generated migration, at least for now, depends on Devise. Here's a link to add the trackable module: https://github.com/heartcombo/devise/wiki/How-To:-Add-:trackable-to-Users. We'll try to make the readme file clearer about how to configure these gems in a better way.
Also, if you can still make requests in one tab, that only means that the problem you are having is on the react app. You will have to log back in for the
Hello @mcelicalderon. Thanks for your input. The part about the client causing the issue seems a bit odd to me. Correct me if I'm wrong but the way I understand it, the backend identifies the client through credentials that are located in the headers of the request. Here are the headers of a successful request: Here are the headers for an unauthorized request: Credentials seem to be the same. Where else can I look to see why both requests get different responses?
Correct, that's how the backend identifies the user. And I'm not sure why that might be happening to you, but to me it still seems related to how the client is making the request, so to discard that the client is the problem you need to test the requests outside of your react app and report here if the problem persists. I would recommend using Insomnia or Postman, which have a friendly interface for GraphQL requests.
I have the same issue with Insomnia. I authenticated, copied the credentials in another query.
OK, thank you for testing that. Now, we need to replicate the problem. Is there a way you can upload the code to a repository I can look into? If not, please create an empty rails project where you can replicate the same you are using right now, especially make sure you are using the same versions of gems. Maybe then we can identify the issue.
I'm sorry. I somehow missed this. On a side note, I'm curious about how the client can keep up with headers changing on each request. I wonder how that might work when the client sends asynchronous requests. Do you have by any chance a resource in mind on the subject? Thanks again.
This gem is a GQL interface on top of the Devise Token Auth gem, so to really use our gem to its full potential I would recommend reading their docs (something I'll try to make clearer on our readme file). Here is the explanation for each option you can set on the initializer. So for multiple async requests there is another param
@dbesserman an off-topic question/request. How are you supporting two GraphQL endpoints in your React app? Do you have a link to an article or even possibly some sample code? I haven't been able to solve this so I've been using a restful interface for authentication because I can't seem to figure out how to get Apollo to support two GQL clients.
I have a react app and I use `graphql_devise` on a rails backend to authenticate.

Authentication works fine except that the token seems to last about a minute. Is it the expected behaviour?

Here's how I use `graphql_devise`:

I use an apollo client for authentication and another apollo client for fetching the resources. Fetching resources requires authentication.

First I authenticate by using the `userLogin` mutation. This allows me to get credentials that I put in `localStorage`.

The client that fetches the resources digs into `localStorage` for each request, takes the credentials, and adds them to the headers of the request.

Everything works fine except that after about a minute all my requests end in a 401 error. I need to authenticate again. Am I using `graphql_devise` wrong?

Also, something worth mentioning is that I removed `devise`'s `trackable` module. It required some columns to be on the `users` table and those columns weren't present in the generated migration file.

`app/model/user.rb`

I reimplemented the trackable module to see if that was the issue. It seems it wasn't. I get the same behavior.

I copied those lines from the migration files of another project.

Another thing is that for now the client app and the server app run on 2 different ports of localhost. I use `rack_cors` to authorize CORS in my development environment. But I don't really think that's the issue. Otherwise I probably wouldn't be able to authenticate in the first place.

`config/environments/development.rb`
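The issue stores credentials once at login and re-reads them for every request, and the thread mentions headers changing on each request. The sketch below is an added example, not code from this thread or from graphql_devise: a client-side helper that also writes back the credentials returned in each response. The header names are the ones devise_token_auth uses; the `credentials` storage key, the in-memory store, and the rules for skipping blank tokens and older `expiry` values are assumptions of this example.

```javascript
const CRED_KEYS = ['access-token', 'client', 'uid', 'expiry', 'token-type'];

// In-memory stand-in for localStorage so the example runs under Node.
function memoryStore() {
  const m = new Map();
  return {
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
  };
}

function loadCredentials(store) {
  const raw = store.getItem('credentials'); // storage key is an assumption
  return raw ? JSON.parse(raw) : {};
}

// Credential headers to attach to the next request.
function authHeaders(store) {
  const creds = loadCredentials(store);
  const out = {};
  for (const k of CRED_KEYS) if (creds[k]) out[k] = creds[k];
  return out;
}

// Update stored credentials from a response; getHeader is (name) => string|null.
// Returns true when the stored token was replaced.
function captureCredentials(store, getHeader) {
  const token = (getHeader('access-token') || '').trim();
  if (!token) return false; // response carried no new token: keep the current one
  const current = loadCredentials(store);
  const exp = getHeader('expiry');
  if (exp && current.expiry && Number(exp) < Number(current.expiry)) return false; // late response
  const next = { ...current };
  for (const k of CRED_KEYS) {
    const v = getHeader(k);
    if (v) next[k] = v.trim();
  }
  store.setItem('credentials', JSON.stringify(next));
  return true;
}

// fetch wrapper: attach stored credentials, then record what the server sent back.
async function authedFetch(store, url, init = {}, fetchImpl = fetch) {
  const headers = { ...(init.headers || {}), ...authHeaders(store) };
  const res = await fetchImpl(url, { ...init, headers });
  captureCredentials(store, name => res.headers.get(name));
  return res;
}
```

In a browser, `localStorage` can be passed as `store`; with two Apollo clients, both need to read and write the same stored credentials.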