Unable to refresh Auth token once RedwoodProvider is mounted.

[hemildesai]

RedwoodProvider caches the authToken at https://github.com/redwoodjs/redwood/blob/main/packages/web/src/components/RedwoodProvider.js#L15-L24.

Generally, most authTokens have an expiry time (usually 1 hour). So if I leave the tab containing the redwood website open for longer than an hour, and then try to navigate to a different route using navigate(routes.home()), and if that route contains a GraphQL request requiring auth, the request will fail because the token will be expired.

I am using FirebaseAuth and have run into this issue on multiple occasions. I assume this will be an issue for all auth providers. Once I refresh the page, RedwoodProvider gets mounted again and the token is refreshed.

I looked around a bit and found something that can help at - https://stackoverflow.com/questions/57163454/refreshing-a-token-with-apollo-client-firebase-auth. It seems you can add an apollo-link-error link to the ApolloClient config that checks for Token expired errors and refreshes the token state in RedwoodProvider. However, the implementation of such a thing would be on a per Auth provider basis. Another way would be to implement polling in the RedwoodProvider that checks regularly if the token has expired. But that would also require knowledge of the token expiry.

[hemildesai]

Another issue is that when you sign out in one tab and the token is cached in another, you might be able to make authenticated requests in the other tab until it is refreshed or the token expires.