Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home > Web Front-end > JS Tutorial > Refresh Token in Angular

Refresh Token in Angular

Patricia Arquette
Release: 2024-12-31 20:10:13
Original
505 people have browsed it

Maintaining user sessions without constant logins is key to a smooth web experience. In this blog, I’ll show you how to implement a token refresh workflow in Angular, handling 401 errors and managing concurrent requests effectively.

What is a Refresh Token Workflow?

In authentication systems, access tokens have a short lifespan to minimize security risks. When an access token expires, the refresh token allows the application to request a new access token from the server without requiring the user to log in again.

Angular Implementation

We’ll implement a refresh token mechanism using Angular’s HttpInterceptor. The goal is to intercept unauthorized requests (401 errors) and refresh the token before retrying the original request.

Complete Workflow

  • Request Interception:
    An interceptor detects a 401 Unauthorized response.

  • Token Refresh:
    If the token is expired, refreshToken fetches a new token.

  • Retry Request:
    The original request is retried with the new token.

  • Queue Management:
    Pending requests are processed once the token is refreshed.

Refresh Token in Angular

Code Overview

  1. Token Refresh Logic The handleUnauthorized method handles refreshing the token when a request fails due to an expired token. 
handleUnauthorized(
  req: HttpRequest<any>,
  next: HttpHandlerFn
): Observable<any> {
  if (!this.isRefreshingToken) {
    this.isRefreshingToken = true;

    // Notify all waiting requests that the token is being refreshed
    this.tokenSubject.next(null);

    return this.refreshToken().pipe(
      switchMap((newToken: string) => {
        if (newToken) {
          this.tokenSubject.next(newToken);
          // Retry the original request with the new token
          return next(this.addToken(req, newToken));
        }

        // If token refresh fails, log out the user
        this.logout();
        return throwError(() => 'Token expired');
      }),
      catchError((error) => {
        this.logout(); // Log out on error
        return throwError(() => error);
      }),
      finalize(() => {
        this.isRefreshingToken = false; // Reset the flag
      }),
    );
  } else {
    // Queue requests while a token is being refreshed
    return this.tokenSubject.pipe(
      filter((token) => token != null),
      take(1),
      switchMap((token) => next(this.addToken(req, token))),
    );
  }
}
Copy after login
Copy after login

The handleUnauthorized function is designed to manage scenarios where an HTTP request receives a 401 Unauthorized status, indicating that the access token has expired or is invalid. This function ensures that the application can refresh the token and retry the failed request seamlessly.

  1. Prevent Multiple Refresh Requests The function uses the isRefreshingToken flag to ensure only one token refresh request is made at a time. If the token is already being refreshed, subsequent requests are queued until the new token is available. 
handleUnauthorized(
  req: HttpRequest<any>,
  next: HttpHandlerFn
): Observable<any> {
  if (!this.isRefreshingToken) {
    this.isRefreshingToken = true;

    // Notify all waiting requests that the token is being refreshed
    this.tokenSubject.next(null);

    return this.refreshToken().pipe(
      switchMap((newToken: string) => {
        if (newToken) {
          this.tokenSubject.next(newToken);
          // Retry the original request with the new token
          return next(this.addToken(req, newToken));
        }

        // If token refresh fails, log out the user
        this.logout();
        return throwError(() => 'Token expired');
      }),
      catchError((error) => {
        this.logout(); // Log out on error
        return throwError(() => error);
      }),
      finalize(() => {
        this.isRefreshingToken = false; // Reset the flag
      }),
    );
  } else {
    // Queue requests while a token is being refreshed
    return this.tokenSubject.pipe(
      filter((token) => token != null),
      take(1),
      switchMap((token) => next(this.addToken(req, token))),
    );
  }
}
Copy after login
Copy after login
  1. Refresh the Token If no refresh request is in progress, it initiates a token refresh using the refreshToken method. Once a new token is received:
  • It is stored in the tokenSubject.
  • The original request is retried with the updated token. 
if (!this.isRefreshingToken) {
  this.isRefreshingToken = true;
  this.tokenSubject.next(null);
Copy after login
  1. Handle Concurrent Requests If a token refresh is already in progress, the function queues subsequent requests. These requests wait for the tokenSubject to emit the new token before proceeding. 
return this.refreshToken(url).pipe(
  switchMap((newToken: string) => {
    if (newToken) {
      this.tokenSubject.next(newToken);
      return next(this.addToken(req, newToken));
    }
    this.logout();
    return throwError(() => 'Token expired');
  }),
Copy after login
  1. Error Handling If the token refresh fails or throws an exception:
  • The user is logged out.
  • An error is returned to the caller. 
return this.tokenSubject.pipe(
  filter((token) => token != null), // Wait for a non-null token
  take(1), // Only take the first emitted token
  switchMap((token) => next(this.addToken(req, token))),
);
Copy after login
  1. Cleanup The finalize operator ensures that the isRefreshingToken flag is reset, allowing subsequent refresh requests. 
catchError((error) => {
  this.logout();
  return throwError(() => error);
}),
Copy after login

Adding the Token to Requests
The addToken method appends the new token to the headers of the outgoing request.

finalize(() => {
  this.isRefreshingToken = false;
}),
Copy after login

Using It in an Angular HTTP Interceptor

An HttpInterceptor is a perfect place to implement this workflow. It allows you to intercept all HTTP requests and handle token management globally without modifying individual service calls.

addToken(request: HttpRequest<any>, token: string): HttpRequest<any> {
  return request.clone({
    setHeaders: {
      'X-Token': token,
    },
  });
}
Copy after login

In summary, a solid token refresh workflow ensures a seamless user experience and secure session management in Angular applications. By handling 401 errors effectively and managing concurrent requests, you can maintain reliability and keep your users happy. Thank you for reading—feel free to share your thoughts or questions below!

The above is the detailed content of Refresh Token in Angular. For more information, please follow other related articles on the PHP Chinese website!

source:dev.to
Previous article:Js in bits - (datatypes - null) Next article:How Can I Reliably Verify if a Value is NaN in JavaScript?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
3
2379
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
11
2505
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
2129
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
2001
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
2077
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template