This middleware injects a JWT access token onto part of a qualifying action's payload. If the current access token exists but is not valid, you will be able to refresh the user's current access token prior to the action getting passed on to your API middleware.
Why Use this Library?
It's trivial to update a refresh token with many networking libraries. However, many of
them do not handle deadlocks. For example, many of the APIs we write prevent replay attacks
on refresh tokens. What if your client kicks off two simultaneous requests? It's not
uncommon to encounter a race condition where one request kicks off a refresh process and
automatically invalidates the other.
This library gets around this by using a generator to create a lock and queue all
processes awaiting the access token. This way, if multiple requests are made, only one
refresh request will occur and all requests will continue upon success. This library also
uses your cached token automatically and only refreshes your token via an async
operation as needed.
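The queuing behaviour described above, as an added example that is not this library's code: it uses a shared in-flight promise instead of the generator the library describes, so two simultaneous callers with a stale token trigger exactly one refresh request and both receive the same new token. All names (`isExpired`, `createTokenManager`, `makeJwt`, `refreshFn`) are hypothetical, and the sample JWTs are constructed with a fake signature.

```javascript
// Added example, not the library's code; every name here is hypothetical.

// Read `exp` (seconds since epoch) from the JWT payload. No signature check:
// this only decides whether the client should refresh before sending.
function isExpired(jwt, nowMs = Date.now(), skewMs = 30000) {
  try {
    const body = JSON.parse(Buffer.from(jwt.split('.')[1], 'base64').toString('utf8'));
    return typeof body.exp !== 'number' || body.exp * 1000 - skewMs <= nowMs;
  } catch (err) {
    return true; // missing or malformed token: force a refresh
  }
}

// refreshFn() must return (a promise of) a new access token string.
function createTokenManager(refreshFn, initialToken = null) {
  let token = initialToken;
  let inFlight = null; // the single pending refresh, shared by every waiter

  return function getAccessToken() {
    if (token && !isExpired(token)) return Promise.resolve(token); // cached
    if (inFlight) return inFlight; // join the refresh already running
    let pending;
    try {
      pending = Promise.resolve(refreshFn()); // one call per refresh cycle
    } catch (err) {
      pending = Promise.reject(err);
    }
    inFlight = pending.then(
      (fresh) => { token = fresh; inFlight = null; return fresh; },
      (err) => { inFlight = null; throw err; } // release so a later call can retry
    );
    return inFlight;
  };
}

// Constructed sample token (fake signature) for the demo below.
function makeJwt(expSeconds) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ exp: expSeconds })}.c2ln`;
}

// Demo: two simultaneous callers, stale token, one refresh request.
let refreshCalls = 0;
const getAccessToken = createTokenManager(() => {
  refreshCalls += 1;
  return Promise.resolve(makeJwt(Math.floor(Date.now() / 1000) + 3600));
}, makeJwt(1));
Promise.all([getAccessToken(), getAccessToken()])
  .then(([a, b]) => console.log(refreshCalls, a === b));
```

If the refresh fails, every queued caller is rejected with the same error and the lock is released, so a later call can attempt a new refresh.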
Where this lives in your middleware stack:
redux-jwt-protected-middleware
redux-api-middleware, apollo-client, etc.
...
redux-thunk
Limitations:
This middleware's job is simply to refresh the access token if needed. It's your job to inject the access token as an authorization header. If the user is not authenticated, the middleware will throw an error if it cannot refresh the access token.
Redux Usage:
I like to configure the middleware inside of a dedicated module:
Alternatively, if you're using a library like the Apollo Client, which utilizes
its own middleware stack for networking, you can use the async helper function
directly: