I have been using AngularJS and Laravel to develop my new web application for about a month now. One big challenge that I had, and still have, is JWTs (JSON Web Tokens). JWTs are used to maintain secure connections between servers and client-side applications. I used the tymondesigns/jwt-auth package for Laravel and the sahat/satellizer package for AngularJS. They are both maintained and under active development.
Satellizer doesn't have a function to refresh the token with the server, so the token eventually expires on the client application. After expiration, Satellizer automatically removes the token from local storage, and on the next request the server returns error 400 because no token was specified.
There are two possible solutions:
- Refresh the token on every request, so the token never expires as long as the user keeps interacting with the server. The problem is that with asynchronous requests, the application receives different tokens from different server calls. This can cause many issues and bugs.
- Refresh the token when the old token has expired. This is a better solution, but it is hard to implement. We need to pause and store all unauthorized requests, refresh the token, then re-process all stored requests with the new token. angular-http-auth is a library that provides interceptors for Angular's HTTP functions. We can use it to detect 401 errors and renew the token when we receive them. This cannot be done easily because Satellizer is not compatible with angular-http-auth.
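The second option, sketched as an added example in plain JavaScript (not code from this post, Satellizer, angular-http-auth or jwt-auth): requests that receive a 401 are parked, one refresh is issued no matter how many requests failed, and the parked requests are replayed with the new token. `createFakeServer` and `createClient` are hypothetical names, and the in-memory server and its rule that an expired token can be exchanged for a new one are assumptions made so the example runs offline.

```javascript
// Constructed in-memory server (not jwt-auth): only the latest token is valid.
function createFakeServer(firstToken) {
  const pending = []; // responses still "in flight"
  let latest = firstToken, expired = false, issued = 0;
  const server = {
    refreshCalls: 0,
    expire() { expired = true; },
    request(path, token, cb) {
      const ok = !expired && token === latest;
      pending.push(() => cb(ok ? { status: 200, body: path } : { status: 401 }));
    },
    refresh(oldToken, cb) { // assumption: an expired token can be exchanged once
      server.refreshCalls += 1;
      const next = oldToken === latest ? 'token-' + (++issued) : null;
      if (next) { latest = next; expired = false; }
      pending.push(() => cb(next));
    },
    flush() { while (pending.length) pending.shift()(); }, // deliver all responses
  };
  return server;
}

function createClient(server, token) {
  let refreshing = false;
  const waiting = []; // requests that got a 401, parked until the refresh ends
  function send(path, cb, retried) {
    const used = token;
    server.request(path, used, (res) => {
      if (res.status !== 401 || retried) return cb(res); // retry at most once
      if (used !== token) return send(path, cb, true);   // token already renewed
      waiting.push({ path, cb });
      if (refreshing) return;                            // one refresh at a time
      refreshing = true;
      server.refresh(used, (next) => {
        refreshing = false;
        token = next; // null when the refresh was rejected
        waiting.splice(0).forEach((w) => (next ? send(w.path, w.cb, true) : w.cb({ status: 401 })));
      });
    });
  }
  return { get: (path, cb) => send(path, cb, false), token: () => token };
}

function demo() { // three concurrent requests hit an expired token
  const server = createFakeServer('token-0'), results = [];
  const client = createClient(server, 'token-0');
  server.expire();
  for (const p of ['/a', '/b', '/c']) client.get(p, (r) => results.push(r.status + ' ' + p));
  server.flush();
  return { results, refreshCalls: server.refreshCalls, token: client.token() };
}
```

Because every parked request is replayed with the same new token, the client never holds several competing tokens at once, which is the problem described for the first option.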
There is also another problem on the server side: the Laravel 5 package jwt-auth does not provide an easy-to-use refresh token feature.
The best possible option might be writing a new module to do this; most of the code would be custom, and this will surely take some time. The current plan is to ignore this error and proceed to develop more user features before tackling it. This strategy reminded me of the Ostrich algorithm.