Token may be expired by the time server receives it #1843
Description
Version
module: 5.0.0-1667386184.dfbbb54
nuxt: ^2.16.2
Nuxt configuration
mode:
- universal
- spa
Nuxt configuration
Reproduction
⚠️ without a minimal reproduction we won't be able to look into your issue
What is expected?
User is logged in, they open a page in the app, the page initiates a request, the nuxt auth module checks if the token is expired or not, suppose it is 12:00:00 and the token expiration time is 12:00:01. The nuxt auth module decides it is not necessary to refresh the token and proceeds with the original request without refreshing token. Because of DNS hop, maintainance error, time skew between user and authentication/oidc server, or whatever, the request takes 2 seconds to reach the server and by the time the server is examining it, the token is already expired.
When an $axios request is being initiated, according to configs having global: true nuxt auth module checks if the token is expired and refresh token is valid, and if that is the case, it does not send any request to refresh token, but if the token is expired, and refresh token is active, it sends a request to refresh the token before proceeding with the original $axios request. I expect this check to consider time difference between when the request is initated and the time the server receives the request. (Ideally by a config option)
I expect there to be an option in the config that I can set to presume a "n" number of seconds to check for token expiration before sending request. Based on my server or requirements or importance of the application I can adjust "n" to 1 second, 2 seconds, 5 seconds or 10 seconds or whatever.
Psuedo code of what I have in mind:
userAdjustedTimeSkew = 5000 (milliseconds)
if (token.isExpired || token.expirationTime - currentTime > userAdjustedTimeSkew) {
await refreshTOken()
}
proceedWithORiginalReuest().
What is actually happening?
We experienced this actual scenario on a slow internet connection. The token was vlaid when JS in browser was examining it, but by the time the server received it, it was expired and 401 was returned. Our users may experience a slow connection too.
Steps to reproduce
// hard to reproduce, I cannot setup a temporary auth server and make it be slow!
Additional information
Checklist
- I have tested with the latest Nuxt version and the issue still occurs
- I have tested with the latest module version and the issue still occurs
- I have searched the issue tracker and this issue hasn't been reported yet