j Posts - Answer Overflow

Explore posts from servers

•Created by j on 4/23/2025 in #💻┃support

How does refresh token actually work?

Hello, I am building a remix app and transitioning to Kinde for refresh tokens. I set the access token to expire in 1 minute to test token expiry. If token expires and we make a call to getToken() I would expect it to give back the header with refreshed access token since the token is expired. But it doesn't – and even if I call refreshTokens() explicitly, it still gives back the outdated token. After a hard refresh, the user goes into logged out state (since access token is still expired). I would need to visit /kinde-auth/login (which is smart to detect previous login and not require another login attempt) which will then redirect back to the app with a new token. The behavior I am seeing is refresh token just isn't being taken into account at all.

8 replies

TtRPC

•Created by j on 2/25/2025 in #❓-help

Extra query keys for functions for invalidation

Is it possible to easily provide extra query hashes for functions? For example, lets say i have a procedure GetCurrentState() With no input. Before when i used raw react query, i could do UseQuery({ queryKey: ["currentState", dependency] }) To easily add dependencies to the query key function even if the fetch itself may not need it. How would i do this? I think modifying queryHashFn option or adding arbitrary input to procedure is hacky

2 replies

TtRPC

•Created by j on 2/20/2025 in #❓-help

best practice for invalidating protected queries upon profile switch

I have an app where users can have multiple profiles. I have a protectedProcedure that does a db check on the user and profile ownership as a base. on the frontend, once user switches profile, I want to invalidate all queries that are "protected". Well known option is:

const { mutateAsync: switch } = api.switchProfile.useQuery()

...
switch.then(() => {
  // invalidate all, but will also invalidate everything that doesn't need to be invalidated like public procedures
  api.useUtils().invalidate()
  
  // invalidate selective, but harder to scale since i haev to keep adding all protected routes as i go.
  api.useUtils().protected1.invalidate();
  api.useUtils().protected2.invalidate();
  api.useUtils().protected3.invalidate();

  // would be nice to have something like
  api.useUtils().protectedProcedures.invalidate();
}

const { mutateAsync: switch } = api.switchProfile.useQuery()

...
switch.then(() => {
  // invalidate all, but will also invalidate everything that doesn't need to be invalidated like public procedures
  api.useUtils().invalidate()
  
  // invalidate selective, but harder to scale since i haev to keep adding all protected routes as i go.
  api.useUtils().protected1.invalidate();
  api.useUtils().protected2.invalidate();
  api.useUtils().protected3.invalidate();

  // would be nice to have something like
  api.useUtils().protectedProcedures.invalidate();
}

Above will work but switching profile may not always happen in one spot, or through an explicit call. Server might also return a response that may switch the user's profile. previously to tRPC, I have done attached the userId to the query key to "protected" queries like queryKey: [arg1, arg2, userId, currentProfileId], which ensured revalidation upon switching through any measure. But this is manual and requires me to add an arbitrary .input() to the protectedProcedure I also thought about using queryHashKeyFn at the global level, but can get finicky with SSR/Suspense and feels too hacky, and not to mention it will invalidate ALL, not just protected. Any suggestions here?

3 replies

Gaming

Programming