We've recently discussed an axios' interceptor for OAuth authentication token refresh in this question.
What the interceptor should do is intercept any response with the 401 status code and try to refresh the token.
With that in mind, the next thing to do is to return a Promise from the interceptor, so that any request which would have normally fail, would run as nothing happens after a token refresh.
The main problem is, that an interceptor checks only the 401 status code, which is not enough, as the refreshToken will also return the 401 status code when it fails - and we have a loop.
There are two possible scenarios I have in mind:
/auth/refresh it shouldn't try to refresh the token;refreshToken logic is calledThe first option looks a bit "not dynamic" to me. The second option looks promising, but I'm not sure if it's even possible.
The main question is then, how can we differentiate/identify calls in an interceptor and run different logic for them without "hardcoding" it specifically, or is there any way to omit the interceptor for a specified call? Thank you in advance.
The code for an interceptor might help to understand the question:
Axios.interceptors.response.use(response => response, error => {
const status = error.response ? error.response.status : null
if (status === 401) {
// will loop if refreshToken returns 401
return refreshToken(store).then(_ => {
error.config.headers['Authorization'] = 'Bearer ' + store.state.auth.token;
error.config.baseURL = undefined;
return Axios.request(error.config);
})
// Would be nice to catch an error here, which would work if the interceptor is omitted
.catch(err => err);
}
return Promise.reject(error);
});
and token refreshing part:
function refreshToken(store) {
if (store.state.auth.isRefreshing) {
return store.state.auth.refreshingCall;
}
store.commit('auth/setRefreshingState', true);
const refreshingCall = Axios.get('get token').then(({ data: { token } }) => {
store.commit('auth/setToken', token)
store.commit('auth/setRefreshingState', false);
store.commit('auth/setRefreshingCall', undefined);
return Promise.resolve(true);
});
store.commit('auth/setRefreshingCall', refreshingCall);
return refreshingCall;
}
I may have found a way much simpler to handle this : use axios.interceptors.response.eject() to disable the interceptor when I call the /api/refresh_token endpoint, and re-enable it after.
The code :
/**
* Wrap the interceptor in a function, so that it can be re-instantiated
*/
function createAxiosResponseInterceptor() {
const interceptor = axios.interceptors.response.use(
(response) => response,
(error) => {
// Reject promise if usual error
if (error.response.status !== 401) {
return Promise.reject(error);
}
/*
* When response code is 401, try to refresh the token.
* Eject the interceptor so it doesn't loop in case
* token refresh causes the 401 response.
*
* Must be re-attached later on or the token refresh will only happen once
*/
axios.interceptors.response.eject(interceptor);
return axios
.post("/api/refresh_token", {
refresh_token: this._getToken("refresh_token"),
})
.then((response) => {
saveToken();
error.response.config.headers["Authorization"] =
"Bearer " + response.data.access_token;
// Retry the initial call, but with the updated token in the headers.
// Resolves the promise if successful
return axios(error.response.config);
})
.catch((error2) => {
// Retry failed, clean up and reject the promise
destroyToken();
this.router.push("/login");
return Promise.reject(error2);
})
.finally(createAxiosResponseInterceptor); // Re-attach the interceptor by running the method
}
);
}
createAxiosResponseInterceptor(); // Execute the method once during start
Above code will: