Reputation: 162
How to handle jwt refresh in HTMX?
Im working on my first project using htmx. The way I usually like doing auth is using very short lived jwt (30 to 60 seconds) and then keep the refresh token on the database.
This makes it simple to invalidate a user by deleting the refresh token. In the client side what I do is wrap my api calls in a try-catch block that requests a new token and retry it (only once) if it gets a 401 response.
Using htmx it seems like a reasonable choice to use a middleware in the server that automatically refresh the token if the access token is invalid but the refresh token is valid without a specific enpoint for refreshing. But I believe this would cause problems with simultaneous requests. If multiple requests are sent to the server with and expired access token, the server would refresh the first one it responds to, then the second now has an invalid (old) refresh token.
I believe I can implement a similar client-side logic using htmx events, but would it be possible to handle this all server side?
Upvotes: 0
Views: 62
Answers (0)
Related Questions
- JWT refresh token flow
- Invalidating JSON Web Tokens
- Single sign-on flow using JWT for cross domain authentication
- JWT vs cookies for token-based authentication
- JWT (JSON Web Token) automatic prolongation of expiration
- Is a Refresh Token really necessary when using JWT token authentication?
- What are the main differences between JWT and OAuth authentication?
- JWT authentication for public resources
- SPA best practices for authentication and session management