@gitwoz gitwoz commented Jun 23, 2025

  • Add <TokenExpirationChecker> and Next.js Middleware to check and refresh tokens;

Note: There is currently no error handler for the refresh token in Apollo GraphQL, as we expect the existing auto-refresh mechanism to cover all edge cases.

gitwoz added 2 commits June 23, 2025 22:53
- Added middleware to handle access and refresh token management, including extraction from cookies and token expiration checks.
- Introduced GraphQL mutation for refreshing tokens and updated cookie handling for user settings.
- Refactored cookie utility functions to support new token management strategy.
- Updated various components to utilize new token handling methods, ensuring proper authentication flow.
- Enhanced user experience by automatically refreshing tokens and managing session state effectively.
@gitwoz gitwoz requested a review from a team as a code owner June 23, 2025 16:03
vercel bot commented Jun 23, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
matters-web ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 24, 2025 11:06am

@gitwoz gitwoz linked an issue Jun 23, 2025 that may be closed by this pull request
3 tasks
cursor[bot]

This comment was marked as outdated.

@github-actions

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: 86e2585e1b3cfdb6de15e4c03b169056aa863076

Deployed with Cloudflare Pages at 2025-06-23T16:16:15.952Z

cursor[bot]

This comment was marked as outdated.

@gitwoz gitwoz changed the title WIP: Refresh Token Auto Refresh Token Jun 24, 2025
@github-actions

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: 4f4c8228c45ca7687f178b3905e9400ccdb39883

Deployed with Cloudflare Pages at 2025-06-24T10:42:04.281Z

cursor[bot]

This comment was marked as outdated.

@github-actions

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: bd3362c1eb9bbf7fc3f60385ce36aeb114113ea2

Deployed with Cloudflare Pages at 2025-06-24T10:59:57.432Z

@cursor cursor bot left a comment

Bug: Null Assertion Error in Token Expiration Handling

The middleware uses non-null assertion operators on accessTokenExpiration and refreshTokenExpiration, which are the results of getTokenExpiration(). Since getTokenExpiration() can return null for malformed or invalid JWTs, using these null values with new Date() or .toString() will cause runtime errors when setting cookie expiration dates, potentially crashing the middleware.

src/middleware.ts#L129-L144

// Set new tokens in response
const accessTokenExpiration = getTokenExpiration(newTokens.accessToken)
const refreshTokenExpiration = getTokenExpiration(newTokens.refreshToken)
response.cookies.set(COOKIE_ACCESS_TOKEN, newTokens.accessToken, {
  ...cookieOptions,
  expires: new Date(accessTokenExpiration!),
})
response.cookies.set(COOKIE_REFRESH_TOKEN, newTokens.refreshToken, {
  ...cookieOptions,
  expires: new Date(refreshTokenExpiration!),
})
response.cookies.set(
  COOKIE_ACCESS_TOKEN_EXPIRES_AT,
  accessTokenExpiration!.toString(),
  { ...cookieOptions, httpOnly: false }
)

Was this report helpful? Give feedback by reacting with 👍 or 👎
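
A null-safe version of the cookie step flagged in the review above, added here as an example; it is not part of the PR or the project's code. It is plain JavaScript so it runs stand-alone under Node, and the cookie names, the `planTokenCookies` and `makeSampleJwt` helpers, the `getTokenExpiration` stand-in and its millisecond return unit are all assumptions.

```javascript
// Added example, not the project's code. Cookie names are constructed placeholders.
const COOKIE_ACCESS_TOKEN = 'access_token'
const COOKIE_REFRESH_TOKEN = 'refresh_token'
const COOKIE_ACCESS_TOKEN_EXPIRES_AT = 'access_token_expires_at'

// Hypothetical stand-in for getTokenExpiration(): returns the JWT `exp` claim
// in milliseconds, or null if the token cannot be decoded. No signature check.
function getTokenExpiration(token) {
  if (typeof token !== 'string') return null
  const parts = token.split('.')
  if (parts.length !== 3) return null
  try {
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
    return Number.isFinite(payload.exp) ? payload.exp * 1000 : null
  } catch {
    return null // bad base64, bad JSON, or a payload that is not an object
  }
}

// Plan the cookie writes for a refreshed token pair. Nothing is planned unless
// both expirations are usable, so no null ever reaches new Date() or toString().
function planTokenCookies(newTokens, cookieOptions, nowMs = Date.now()) {
  const accessExp = getTokenExpiration(newTokens.accessToken)
  const refreshExp = getTokenExpiration(newTokens.refreshToken)
  if (accessExp === null || refreshExp === null) {
    return { ok: false, reason: 'unparseable-expiration', cookies: [] }
  }
  if (accessExp <= nowMs || refreshExp <= nowMs) {
    return { ok: false, reason: 'already-expired', cookies: [] }
  }
  const cookie = (name, value, options) => ({ name, value, options })
  return {
    ok: true, reason: null,
    cookies: [
      cookie(COOKIE_ACCESS_TOKEN, newTokens.accessToken,
        { ...cookieOptions, expires: new Date(accessExp) }),
      cookie(COOKIE_REFRESH_TOKEN, newTokens.refreshToken,
        { ...cookieOptions, expires: new Date(refreshExp) }),
      cookie(COOKIE_ACCESS_TOKEN_EXPIRES_AT, accessExp.toString(),
        { ...cookieOptions, httpOnly: false }),
    ],
  }
}

// Constructed sample token: real header/payload encoding, fake signature.
function makeSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url')
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`
}
```

A caller would apply `cookies` with `response.cookies.set(...)` only when `ok` is true and treat any other result as a failed refresh.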

@github-actions

E2E Test Report: ❌ FAILED

Branch: feat/refresh-token
Commit: fa06df21115ce5efeac37277ad780f5eb54bf222

Deployed with Cloudflare Pages at 2025-06-24T11:15:34.271Z

@github-actions

E2E Test Report: ✅ PASSED

Branch: feat/refresh-token
Commit: fa06df21115ce5efeac37277ad780f5eb54bf222

Deployed with Cloudflare Pages at 2025-06-25T00:50:14.368Z
