Skip to content

Auto Refresh Token#5535

Open
gitwoz wants to merge 5 commits into
developfrom
feat/refresh-token
Open

Auto Refresh Token#5535
gitwoz wants to merge 5 commits into
developfrom
feat/refresh-token

Conversation

@gitwoz

@gitwoz gitwoz commented Jun 23, 2025
edited
Loading

Copy link
Copy Markdown
Contributor
  • Add <TokenExpirationChecker> and Next.js Middleware to check and refresh tokens;

Note: There is currently no error handler for the refresh token in Apollo GraphQL, as we expect the existing auto-refresh mechanism to cover all edge cases.

gitwoz added 2 commits June 23, 2025 22:53
@gitwoz
feat(auth): implement middleware for token management and refresh logic
6065d82 
- Added middleware to handle access and refresh token management, including extraction from cookies and token expiration checks.
- Introduced GraphQL mutation for refreshing tokens and updated cookie handling for user settings.
- Refactored cookie utility functions to support new token management strategy.
- Updated various components to utilize new token handling methods, ensuring proper authentication flow.
- Enhanced user experience by automatically refreshing tokens and managing session state effectively.
@gitwoz
feat(auth): enhance token management by including user metadata in co…
86e2585 
…okies
@gitwoz gitwoz requested a review from a team as a code owner June 23, 2025 16:03
@vercel

vercel Bot commented Jun 23, 2025
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
matters-web ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 24, 2025 11:06am

@gitwoz gitwoz linked an issue Jun 23, 2025 that may be closed by this pull request
Auto refresh token #5471
Open
3 tasks
cursor[bot]

This comment was marked as outdated.

Sign in to view

@github-actions

github-actions Bot commented Jun 23, 2025

Copy link
Copy Markdown

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: 86e2585e1b3cfdb6de15e4c03b169056aa863076

View Latest E2E Report

Deployed with Cloudflare Pages at 2025-06-23T16:16:15.952Z

cursor[bot]

This comment was marked as outdated.

Sign in to view

@gitwoz gitwoz changed the title WIP: Refresh Token Auto Refresh Token Jun 24, 2025
@github-actions

github-actions Bot commented Jun 24, 2025

Copy link
Copy Markdown

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: 4f4c8228c45ca7687f178b3905e9400ccdb39883

View Branch-specific E2E Report

View Latest E2E Report

Deployed with Cloudflare Pages at 2025-06-24T10:42:04.281Z

cursor[bot]

This comment was marked as outdated.

Sign in to view

@gitwoz gitwoz requested review from Kechicode and ham-76 June 24, 2025 10:55
@github-actions

github-actions Bot commented Jun 24, 2025

Copy link
Copy Markdown

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: bd3362c1eb9bbf7fc3f60385ce36aeb114113ea2

View Branch-specific E2E Report

View Latest E2E Report

Deployed with Cloudflare Pages at 2025-06-24T10:59:57.432Z

cursor[bot]
cursor Bot reviewed Jun 24, 2025
View reviewed changes

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Null Assertion Error in Token Expiration Handling

The middleware uses non-null assertion operators on accessTokenExpiration and refreshTokenExpiration, which are the results of getTokenExpiration(). Since getTokenExpiration() can return null for malformed or invalid JWTs, using these null values with new Date() or .toString() will cause runtime errors when setting cookie expiration dates, potentially crashing the middleware.

src/middleware.ts#L129-L144

matters-web/src/middleware.ts

Lines 129 to 144 in fa06df2

// Set new tokens in response
const accessTokenExpiration = getTokenExpiration(newTokens.accessToken)
const refreshTokenExpiration = getTokenExpiration(newTokens.refreshToken)
response.cookies.set(COOKIE_ACCESS_TOKEN, newTokens.accessToken, {
...cookieOptions,
expires: new Date(accessTokenExpiration!),
})
response.cookies.set(COOKIE_REFRESH_TOKEN, newTokens.refreshToken, {
...cookieOptions,
expires: new Date(refreshTokenExpiration!),
})
response.cookies.set(
COOKIE_ACCESS_TOKEN_EXPIRES_AT,
accessTokenExpiration!.toString(),
{ ...cookieOptions, httpOnly: false }
)

Fix in Cursor

Was this report helpful? Give feedback by reacting with 👍 or 👎

@github-actions

github-actions Bot commented Jun 24, 2025

Copy link
Copy Markdown

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: fa06df21115ce5efeac37277ad780f5eb54bf222

View Branch-specific E2E Report

View Latest E2E Report

Deployed with Cloudflare Pages at 2025-06-24T11:15:34.271Z

@github-actions

github-actions Bot commented Jun 25, 2025

Copy link
Copy Markdown

E2E Test Report: ✅ PASSED

Branch: feat/refresh-token
Commit: fa06df21115ce5efeac37277ad780f5eb54bf222

View Branch-specific E2E Report

View Latest E2E Report

Deployed with Cloudflare Pages at 2025-06-25T00:50:14.368Z

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@ham-76 ham-76 Awaiting requested review from ham-76

+1 more reviewer

@Kechicode Kechicode Kechicode approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Auto refresh token

2 participants

@gitwoz @Kechicode