What happens if the access token is about to expire? #89

Closed
braaar opened this issue Apr 10, 2024 · 1 comment · Fixed by #90
Labels
enhancement New feature or request

Comments

braaar commented Apr 10, 2024

The AbaxAuth class will refresh an expired access token (if able) when you call AbaxAuth.getAccessToken. It will not refresh the access token if the token is about to expire, say in 1 second, 30 seconds, 1 minute or 5 minutes.

It's quite plausible that whatever the access token is subsequently used for will face a 401 error if the AbaxAuth naïvely tells you "this token is good to go 👍" when it is in fact expiring very shortly. For example, a program fetching thousands of entities that needs to slow down due to rate limiting could easily last more than a few minutes. If you know that your program falls into this category, it would be nice to be able to tell AbaxAuth that you won't accept an access token that is about to expire very shortly.

Perhaps we should add an option to the AbaxAuth class or getAccessToken function that lets the user specify an amount of time that the token ought to last.

That could look like this:

```javascript
const abaxAuth = new AbaxAuth({
  clientId: 'abc',
  clientSecret: 'def',
  redirectUri: 'http://localhost:3000',
});

abaxAuth.setCredentials({
  accessToken: 'existingToken',
  refreshToken: 'refreshToken',
  expiresAt: new Date('2024-04-10T12:00'),
  tokenType: 'Bearer',
});

const apiKey = abaxAuth.getAccessToken(600); // get an access token that must last at least 600 seconds from now
```

Alternatively, it could look like this:

```javascript
const abaxAuth = new AbaxAuth({
  clientId: 'abc',
  clientSecret: 'def',
  redirectUri: 'http://localhost:3000',
  minimumAccessTokenDuration: 600, // access tokens must last at least 600 seconds when retrieved
});

abaxAuth.setCredentials({
  accessToken: 'existingToken',
  refreshToken: 'refreshToken',
  expiresAt: new Date('2024-04-10T12:00'),
  tokenType: 'Bearer',
});

const apiKey = abaxAuth.getAccessToken();
```
@braaar braaar added the enhancement New feature or request label Apr 10, 2024
braaar commented Apr 10, 2024

I feel that regardless of how we implement it, there should be a default value between 60 seconds and 300 seconds. Does a user expect that they might get an access token that lasts less than a minute? It seems incredibly error-prone to have it like that, considering rate limiting.

It might make sense to tolerate very short-lived access tokens for very small operations that want to minimise the overhead of refreshing, in which case it's fine for the user to set a lower value themselves.
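
Added example, not part of the issue and not the project's code or the change made in #90: a sketch of the behaviour both comments above describe, combining the constructor-level `minimumAccessTokenDuration` with a per-call override. `TokenHolder`, `refreshFn`, the injectable `now` clock and the 60-second default are assumptions made for illustration.

```javascript
// Added illustration; TokenHolder and refreshFn are hypothetical, not AbaxAuth code.
const DEFAULT_MIN_SECONDS = 60; // assumed default, low end of the 60-300 s range

class TokenHolder {
  // refreshFn(refreshToken) resolves to { accessToken, refreshToken, expiresAt: Date }
  constructor({ refreshFn, minimumAccessTokenDuration = DEFAULT_MIN_SECONDS, now = Date.now }) {
    this.refreshFn = refreshFn;
    this.minSeconds = minimumAccessTokenDuration;
    this.now = now; // injectable clock so expiry logic is testable
    this.credentials = null;
    this.inFlight = null;
  }

  setCredentials(credentials) {
    this.credentials = credentials;
  }

  // Seconds of validity left on the stored token; negative once it has expired.
  remainingSeconds() {
    return (this.credentials.expiresAt.getTime() - this.now()) / 1000;
  }

  // Resolves to a token valid for at least minSeconds, refreshing if needed.
  async getAccessToken(minSeconds = this.minSeconds) {
    if (!this.credentials) throw new Error('no credentials set');
    if (!Number.isFinite(minSeconds) || minSeconds < 0) {
      throw new RangeError('minSeconds must be a non-negative number');
    }
    if (this.remainingSeconds() >= minSeconds) return this.credentials.accessToken;
    if (!this.credentials.refreshToken) {
      throw new Error('access token expires too soon and no refresh token is set');
    }
    // Concurrent callers share one refresh, so a rotating refresh token is
    // never presented twice.
    if (!this.inFlight) {
      this.inFlight = this.refreshFn(this.credentials.refreshToken)
        .then((fresh) => { this.credentials = fresh; })
        .finally(() => { this.inFlight = null; });
    }
    await this.inFlight;
    // The issuer may hand out tokens shorter-lived than the caller asked for.
    if (this.remainingSeconds() < minSeconds) {
      throw new Error('refreshed token does not meet the requested lifetime');
    }
    return this.credentials.accessToken;
  }
}
```

Failing when even a freshly refreshed token is shorter-lived than the requested minimum surfaces the mismatch to the caller at the point of retrieval rather than as a 401 partway through a long job.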
