Skip to content
This repository was archived by the owner on Nov 25, 2020. It is now read-only.

Automatic logout if accesstoken expires in more than 24.85 days #375

Closed
sondr opened this issue Feb 9, 2018 · 1 comment
Closed

Automatic logout if accesstoken expires in more than 24.85 days #375

sondr opened this issue Feb 9, 2018 · 1 comment

Comments

@sondr
Copy link

sondr commented Feb 9, 2018

setTimout gets called right away if timeout exceeds int32 max value(2147483647).

In authService.js:

setTimeout(ttl: number) {
    this.clearTimeout();
    const expiredTokenHandler = () => {
      if (this.config.autoUpdateToken
        && this.authentication.getAccessToken()
        && this.authentication.getRefreshToken()) {
        this.updateToken().catch(error => logger.warn(error.message));

        return;
      }
      this.setResponseObject(null);

      if (this.config.expiredRedirect) {
        PLATFORM.location.assign(this.config.expiredRedirect);
      }
    };

    this.timeoutID = PLATFORM.global.setTimeout(expiredTokenHandler, ttl);
    PLATFORM.addEventListener('focus', () => {
      if (this.isTokenExpired()) {
        expiredTokenHandler();
      }
    });
  }

Change suggestion:
this.timeoutID = PLATFORM.global.setTimeout(expiredTokenHandler, ttl);
To
this.timeoutID = PLATFORM.global.setTimeout(expiredTokenHandler, Math.min(ttl, Math.pow(2, 31) - 1));

Or throw an error if access token lifetime is too long.
@RWOverdijk
Copy link
Member

I agree. Something like that could be a good idea. Let the handler take a look at the time remaining and then pick it up again.

Regardless, such a long timeout is a strange thing to do combined with refresh tokens and has no priority for me personally. But a PR would be more than welcome!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RWOverdijk @sondr