Checking Authenticated State with Auth Connect
Auth Connect 5 no longer ships with a built-in method for checking the authentication status of the application. Implementing this functionality is left to the developer, who can best decide what it means for their application to be authenticated. Auth Connect provides all the tools necessary to implement it.
Considerations
In building out our own `isAuthenticated` method, we need to consider a few things:
- What does it mean to be authenticated? Is a non-expired `access_token` sufficient?
- If we have a `refresh_token`, should we attempt to refresh an expired `access_token`?
- What about if we are in a no-network environment?
- What if the attempt to refresh fails due to a network error?
- Do we have any geo-restrictions on our application?
The answers to these questions can and do change between applications, so you should consider them, along with any other requirements your specific application may have.
Tools
Auth Connect provides a few tools to help you implement your own `isAuthenticated` method:
- `isAccessTokenAvailable` - Checks if your `AuthResult` has an `access_token` available.
- `isAccessTokenExpired` - Checks if your `AuthResult` has an expired `access_token`.
- `isRefreshTokenAvailable` - Checks if your `AuthResult` has a `refresh_token` available.
- `refreshSession` - Attempts to refresh your session using the `refresh_token` in your `AuthResult`.
These are your building blocks for implementing your own `isAuthenticated` method. You should combine these with other APIs or application logic to determine if the user is authenticated.
Only JWT tokens can be used to perform operations on access tokens. Auth Connect cannot decode other types of access tokens.
Example
In our example, we'll make a simple version of isAuthenticated with the following requirements:
- A user is considered authenticated if they have a non-expired `access_token`.
- If the `access_token` is expired and we have a `refresh_token`, we will attempt to refresh the session.
- If the refresh is successful, we update our `AuthResult` and consider the user authenticated.
- In a no-network environment, determined by `navigator.onLine`, we consider the user authenticated, regardless of the expiry status of the `access_token`, as long as we have a `refresh_token`.
```typescript
import { AuthConnect, AuthResult } from '@ionic-enterprise/auth';

// saveAuthResult and clearAuthResult are your application's own storage helpers.
async function isAuthenticated(authResult: AuthResult) {
  const isAccessTokenAvailable = await AuthConnect.isAccessTokenAvailable(authResult);
  const isAccessTokenExpired = await AuthConnect.isAccessTokenExpired(authResult);
  const isRefreshTokenAvailable = await AuthConnect.isRefreshTokenAvailable(authResult);

  // A non-expired access_token is sufficient.
  if (isAccessTokenAvailable && !isAccessTokenExpired) {
    return true;
  }

  // Offline: trust the session only if a refresh_token is present.
  if (!navigator.onLine) {
    if (isRefreshTokenAvailable) return true;
    await clearAuthResult();
    return false;
  }

  try {
    const refreshedAuthResult = await AuthConnect.refreshSession(authResult);
    await saveAuthResult(refreshedAuthResult);
    return true;
  } catch (err) {
    // Refresh failed, or no `refresh_token` available
    await clearAuthResult();
    return false;
  }
}
```
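The example above clears the stored session on any refresh failure, which includes the network-error case raised under Considerations. The following added example (not the page's or Auth Connect's own code) separates a failure in transit from a refresh the provider rejected. The `Deps` interface, `isOnline`, `isNetworkError` and `stubDeps` are assumptions introduced so the logic can run against stubs.

```typescript
// Added example: only the four Auth Connect method names come from the page.
type AuthResult = { [key: string]: unknown }; // stand-in for Auth Connect's AuthResult

interface Deps {
  isAccessTokenAvailable(r: AuthResult): Promise<boolean>;
  isAccessTokenExpired(r: AuthResult): Promise<boolean>;
  isRefreshTokenAvailable(r: AuthResult): Promise<boolean>;
  refreshSession(r: AuthResult): Promise<AuthResult>;
  isOnline(): boolean; // e.g. () => navigator.onLine
  isNetworkError(err: unknown): boolean; // app-specific classification (assumption)
  saveAuthResult(r: AuthResult): Promise<void>;
  clearAuthResult(): Promise<void>;
}

async function isAuthenticated(authResult: AuthResult, d: Deps): Promise<boolean> {
  const hasAccess = await d.isAccessTokenAvailable(authResult);
  if (hasAccess && !(await d.isAccessTokenExpired(authResult))) return true;
  if (!(await d.isRefreshTokenAvailable(authResult))) {
    await d.clearAuthResult(); // nothing to refresh with, online or not
    return false;
  }
  if (!d.isOnline()) return true; // the page's offline rule

  try {
    await d.saveAuthResult(await d.refreshSession(authResult));
    return true;
  } catch (err) {
    // onLine can be true while the request still fails in transit:
    // apply the offline rule and keep the stored session for a later retry.
    if (d.isNetworkError(err)) return true;
    await d.clearAuthResult(); // the provider rejected the refresh
    return false;
  }
}

// Constructed stub so the logic runs without Auth Connect installed.
type Stub = { access: boolean; expired: boolean; refresh: boolean; online: boolean; fail?: string };
function stubDeps(s: Stub, log: string[]): Deps {
  return {
    isAccessTokenAvailable: async () => s.access,
    isAccessTokenExpired: async () => s.expired,
    isRefreshTokenAvailable: async () => s.refresh,
    refreshSession: async (r) => { if (s.fail) throw new Error(s.fail); return r; },
    isOnline: () => s.online,
    isNetworkError: (e) => e instanceof Error && e.message === 'network',
    saveAuthResult: async () => { log.push('save'); },
    clearAuthResult: async () => { log.push('clear'); },
  };
}
```

How `isNetworkError` recognises a transport failure depends on the error your platform's refresh call raises, so verify it against a real failed request before relying on it.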