Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a refresh token request #101

Merged
merged 10 commits into from
Mar 4, 2018
Merged

Add a refresh token request #101

merged 10 commits into from
Mar 4, 2018

Conversation

Karyum
Copy link
Collaborator

@Karyum Karyum commented Feb 5, 2018

rel #94
right now im showing Try again! on the client side for when i do get a refresh token but not sure how to restart or make the request to the api without the user clicking submit again any ideas ?

@Karyum Karyum requested a review from des-des February 5, 2018 21:12
Copy link
Member

@des-des des-des left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Karyum the user should not click 'try again'.

This should all happen under the hood.

here is some very rough code that may help you understand the route to a solution. There are plent of ways of doing this.

const manageRequestAuth = makeRequest => {
  makeRequest().
    then(res => {
      if (needsRefreshToken(res) {
        return getRefreshToken().then(makeRequest)
      } else return res
    }
}

I think what you want to do here is create a file otp_sdk
then we go

OTP.events.get()
... and the same everywhere else

This way we can add the auth / refresh stuff to all the otp requests without turning everything into a spaghetti mess

@Karyum
Copy link
Collaborator Author

Karyum commented Feb 11, 2018

I think what you want to do here is create a file otp_sdk

so what we need here is something or an object that holds all the functions that make requests to the API correct ? so if i wanted to request the refresh token in other places in the code i would just require the otp_sdkand do something like OTP.auth.getRefreshToken(...).then() etc. but if this is what i want do you want me to make otp_sdk is thiss PR or a different one cause it's going to get way too big.

@des-des
Copy link
Member

des-des commented Feb 11, 2018

@Karyum fair enough about keeping it out of this pr.

  1. I think you have the idea, except that otp-sdk would handle refreshing the token.
//otp-sdk.js
module.exports = {
   createUser: withAuth(createUser)
}

@Karyum
Copy link
Collaborator Author

Karyum commented Feb 13, 2018

@des-des
ive been having a bit of trouble with this, so let's say the user has an expired token and we got Unauthorized from the api, now we need to get the refresh token and make the call again and that response needs handling (including errors). so the code it's just going to look like a mess is this the right way or any better ideas?

OTP.events
      .modify(reqOptions, tools)
      .then(res => res.end(res.redirectUrl))
      .catch(err => {
        if (err.Unauthorized) {
          getRefreshToken(req, res)
            .then(res =>
              OTP.events
                .modify(reqOptions, tools)
                .then(res => res.end(res.redirectUrl))
                .catch(error => res.status(500).send(error.message)),
            )
            .catch(err => console.log(err));
        } else {
          res.status(500).send(error.message);
        }
      });

Should i just use async/await ??

    try {
      const apiResponse = await OTP.events.modify(reqOptions, tools);
      res.send(apiResponse);
    } catch (e) {
      if (e.Unauthorized) {
        try {
          await getRefreshToken(req, res);
          const apiResponse = OTP.events.modify(reqOptions, tools);
        } catch (e) {
          // ...
        }
      } else {
        return res.status(500).send(error.message);
      }
    }

both look like a mess for me....

@Karyum
Copy link
Collaborator Author

Karyum commented Feb 14, 2018

@des-des the new changes include the otp_sdk, used async/await to make the code bit more readable.
I'll raise issues to move the app to use the otp_sdk, instead of making the request inside the controller

Copy link
Member

@des-des des-des left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please limit use of axios + async/await to the otp_sdk folder

errorMessage: res.locals.localText.serverError,
});
} else {
console.log(decodedToken.access_token);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥


module.exports = (req, res) => {
const requestToken = token => {
console.log(1);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

});
};

return new Promise(async (resolve, reject) => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay,
This promise wrapper is unnecessary

also,

This is the final change I will request,

There should be a clear distinction between something that is a controller, and something that is not a controller.

This file should be more like a plain function, it should take a bunch or arguments, and return a promise.

Ie, remove req and res from this function, and deal with these outcomes inside a controller. This may require a bit of work

@des-des des-des assigned Karyum and unassigned des-des Feb 27, 2018
@Karyum
Copy link
Collaborator Author

Karyum commented Mar 1, 2018

@des-des made the changes and got rid of async/await in the controller

@des-des des-des merged commit 6686772 into master Mar 4, 2018
@des-des des-des deleted the add/refresh-token-request branch March 4, 2018 10:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants