-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unhandled Exception on Invalid Refresh Token #28
Comments
My idea for a quick fix is by deleting the token to force the user login again to get a new access token and refresh token. For the exception, I try to remove it because there's no way to handle it when using this package. Dio Interceptor won't rethrow the DirectusError. Future<AuthResponse?> manuallyRefresh() async {
...
try {
...
} catch (e) {
currentUser = null;
tfa = null;
tokens = null;
await _emitter.emitAsync('logout', null);
client.unlock();
return null;
}
...
} |
I'm not sure if we should logout user on error. But it's definitely a bug if we can't handle exception. // Inside `refreshExpiredTokenInterceptor`
// line 174
try {
final response = await manuallyRefresh();
if (response?.accessToken != null) {
options.headers['Authorization'] = response!.accessToken;
} else {
options.headers.remove('Authorization');
}
} catch (e) {
return handler.reject(DioError(requestOptions: options, error: e));
}
|
When I think about it again, I agree with you. We shouldn't immediately log out the user. I didn't think thoroughly earlier. Yeah, I think it's a good idea to let |
Not currently, but we can add |
Closed in #29 |
The Interceptor used for refreshing the token has an unhandled exception. It happens when the server gives error 401 on an invalid refresh token.
Here's the interceptor
Here's the method that throws the exception.
I think it should handle the logout automatically after an invalid refresh token.
The text was updated successfully, but these errors were encountered: