Feature request: support expiring access tokens #447

New issue

Open

opened 2025-01-27 15:12:47 +01:00 by FenTiger · 0 comments

FenTiger commented

2025-01-27 15:12:47 +01:00

(Migrated from github.com)

IndiePass appears to expect that the received access_token will be valid forever. If the server responds with a HTTP 401, this gets displayed to the user as an error.

If the access_token has expired, the server will respond with a 401 with a WWW-Authenticate: error="invalid_token" header: https://datatracker.ietf.org/doc/html/rfc6750#section-3.1

It would be useful if IndiePass could spot this error and either restart the login process from the beginning, or make use of a refresh_token if one was present in the initial access token response.

IndiePass appears to expect that the received `access_token` will be valid forever. If the server responds with a HTTP 401, this gets displayed to the user as an error. If the `access_token` has expired, the server will respond with a 401 with a `WWW-Authenticate: error="invalid_token"` header: https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 It would be useful if IndiePass could spot this error and either restart the login process from the beginning, or make use of a `refresh_token` if one was present in the initial access token response.

👍 1

This discussion has been locked. Commenting is limited to contributors.