What to do after the refresh token of Oauth2.0 obtains the new access_token

carries access_token and refresh_token

in the header when requesting the interface.

if access_token expires, the new access_token will be obtained according to refresh_token , and then the expiration time of refresh_token will be updated!

but there is a question! How do I write to the client after getting a new access_token ?

such as scene

user requests an order list after logging in for a period of time ( access_token has expired).
but due to access_token has expired when requesting an order list! So get a new token according to refresh_token !
We block the request for the order list and let it get the new access_token and return a specific status code! According to the judgment status code, the client determines whether to write access_token ?
according to the agreed status code. In this case, what should I do if the request for the order list is gone?

do you have a big answer to what you feel like a mess? (there is a reward)

there is a train of thought at present

at the time of the request, determine whether the token expires, if not, continue the request;
if there is an expiration, detect refresh_token whether it expires; if it also expires, let the user log in again!
if token expires but refresh_token sets the expiration time of the new Token update refresh_token in the middleware; the request continues and adds the token field to the returned json! 

{
  "status": 1,
  "msg": "",
  "data":[
    //
    ],
  "token" :"xxxxxxxxxxxxx"    //token

in the client response interceptor , if there is a token field in the returned object, replace the old token !

I wonder if this is feasible?

Php laravel yii oauth2.0
Apr.02,2022

Nobody handles it that way. Business interface and token interface are not put together
1. If you verify that the token is invalid, an error code is returned? The client needs to refresh token or log in to
2 according to this error code. After that, continue to request the normal business interface

whether the access_token expires and refresh the access_token with refresh_token. Generally speaking, the client does it. The client stores

through the response interceptor. When it is determined that the situation is similar to not logging in, refresh the token and retry the current request

Previous: Does Mini Program use bindtouchmove to determine whether the setDat view update delay changes when the user scrolls down or up?

Next: If determines how to optimize the way objects are used?

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
© 2021 CodesHelper
Advertising Contact us About us
Menu