Supabase, 6mo ago
Mylow

Iframe refresh token (auth)

Heyy

I've been working with supa for a long time, btw I'm facing a problem with my current architecture:
I'm building a webapp, so there is an app part and a web view

The login/signup part is on the app, and the user is directly redirected to the webview (hidden iframe) thanks to deeplinks and the implicit flow

By the way... the auth session is duplicated between the app and the webview, and the most problematic thing is the JWT expiration:

1h by default, no problem, the user is on the app for 1h, oops, the token needs to be refreshed, all good, the refresh token of the webview is consumed and a new one is here
BUT when the user comes back (from the app), he'll try to "connect" but the token is invalid (because the token was refreshed only on the webview! so the refresh token in the app is "dead") (but the user looks to be still connected, as anon.... does getSession not check the validity or something?)

Problem: it's really not user friendly to log out every time the user closes the app.

Yes, I can use postMessage to reload from the app, but there are always 2 sources of truth..
What's the best thing / practice for this configuration?

Have a great day ^^
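
The failure described in the post, as an added example that is not part of the original post: a simplified model of single-use (rotating) refresh tokens, first with the session copied into both app and webview, then with the app as the only holder of the refresh token. `ToyAuthServer`, the token strings and both function names are constructed for illustration and are not Supabase's implementation or API.

```javascript
// Toy model, constructed for illustration: refresh tokens are single-use
// (rotated on every refresh). Not Supabase's implementation or API.
class ToyAuthServer {
  constructor() {
    this.live = new Map(); // refresh token -> user id
    this.counter = 0;
  }
  issue(userId) {
    const n = ++this.counter;
    const session = { accessToken: `access-${n}`, refreshToken: `refresh-${n}` };
    this.live.set(session.refreshToken, userId);
    return session;
  }
  refresh(refreshToken) {
    const userId = this.live.get(refreshToken);
    if (userId === undefined) throw new Error("invalid refresh token");
    this.live.delete(refreshToken); // rotation consumes the old token
    return this.issue(userId);
  }
}

// Case from the post: app and webview each hold a copy of the same session.
function duplicatedSessions() {
  const server = new ToyAuthServer();
  const initial = server.issue("user-1");
  const app = { ...initial };
  let webview = { ...initial };
  webview = server.refresh(webview.refreshToken); // webview refreshes after 1h
  try {
    server.refresh(app.refreshToken); // app comes back with its stale copy
    return "app refreshed";
  } catch (err) {
    return err.message; // locally the app still holds a session object
  }
}

// Assumed alternative: only the app holds the refresh token and forwards each
// new access token to the webview (for example over postMessage).
function singleOwner(rounds) {
  const server = new ToyAuthServer();
  let app = server.issue("user-1");
  const webview = { accessToken: app.accessToken }; // never gets a refresh token
  for (let i = 0; i < rounds; i++) {
    app = server.refresh(app.refreshToken);
    webview.accessToken = app.accessToken;
  }
  return { inSync: webview.accessToken === app.accessToken,
           webviewHasRefreshToken: "refreshToken" in webview,
           lastAccessToken: webview.accessToken };
}
```

In the second case the webview can never invalidate the app's refresh token, because it never holds one; the cost is that the webview depends on the app to deliver each new access token before the old one expires.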