Access protected API with JWT

[geolunalg]

Overview

User Story:
As a user, I want my session to continue seamlessly when my access token expires.

Action Items

Acceptance Criteria:

• When access token is expired and API returns 401, client calls POST /auth/refresh.
• Backend reads refresh token from cookie and:
  • if valid: returns a new access token
  • if invalid/expired: returns 401 and client routes to login
• Client retries the original request once after successful refresh.

Resources/Instructions

• This issue is part of the epic: EPIC: Authentication & Session Management (JWT + Refresh) #2065

[rteas]

Backend api supports refresh.
Current path is an HTTP POST to /auth/refresh-access-token

Need front end wiring/integration.

[geolunalg]

@JackHaeg @trillium @rteas

Need confirnation from Richy if is this When access token is expired and API returns 401, client calls POST /auth/refresh done.

This Client retries the original request once after successful refresh. is a client side (front-end) code change.

Size: M to L

[JackHaeg]

@rteas when you have a moment, can you please reply to Geo's question above in a comment?