This repository has been archived by the owner on Jul 14, 2022. It is now read-only.

Handle JWT token refreshing and verifying #883

Merged
merged 4 commits into from
Sep 10, 2020


@orzechdev orzechdev commented Sep 2, 2020

I want to merge this change because... it shows a loading state while the token is being refreshed due to token expiration or is being verified when the application starts. All the token expiration and verification logic is delegated to the SDK, implemented in saleor/saleor-sdk#29 and saleor/saleor-sdk#30 respectively.

⚠️ To test if the functionality works, make sure to have an HTTPS connection on both the frontend and the backend, and the backend to have the SameSite=None and Secure flags set in the set-cookie header received from the tokenCreate mutation (saleor/saleor/core/middleware.py). Testing with cross-site domains requires HTTPS and the Secure flag set to mitigate network attacks: https://web.dev/samesite-cookies-explained. Also make sure to set the saleor env JWT_EXPIRE=True and set an expiration delta, e.g. JWT_TTL_ACCESS="1 minutes".
In saleor/saleor/core/middleware.py:

def jwt_refresh_token_middleware(get_response):
    ...
    response.set_cookie(
        ...
        secure=True,
        samesite="None"
    )

⚠️ Before merging, the SDK dependency must be updated once the changes from saleor/saleor-sdk#29 and saleor/saleor-sdk#30 are released.

Screenshots

Pull Request Checklist

  1. All visible strings are translated with proper context.
  2. All data-formatting is locale-aware (dates, numbers, and so on).
  3. The changes are tested.
  4. The code is documented (docstrings, project documentation).
  5. Changes are mentioned in the changelog.

Test Environment Config

API_URI=https://master.staging.saleor.rocks/graphql/
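
The cookie requirements in the description above can be checked mechanically against a captured Set-Cookie header. The following is an added example, not code from this PR or from Saleor; the function names, the cookie name and the sample headers are assumptions constructed for illustration, and the HttpOnly check goes beyond what the description mentions.

```python
# Added example (not Saleor code): audit a Set-Cookie header for the
# cross-site refresh-token setup described in the PR.

def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cross_site_cookie(header, page_scheme="https"):
    """Return the problems that break or weaken a cross-site token cookie."""
    name, _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    problems = []
    if samesite != "none":
        # Unset is treated as Lax by current browsers; Lax and Strict cookies
        # are not attached to cross-site fetch/XHR requests.
        problems.append(f"{name}: SameSite={samesite or 'unset'}, not sent cross-site")
    elif "secure" not in attrs:
        problems.append(f"{name}: SameSite=None without Secure, cookie is rejected")
    if "secure" in attrs and page_scheme != "https":
        problems.append(f"{name}: Secure cookie needs an HTTPS connection")
    if "httponly" not in attrs:
        # Extra hardening check, not something the PR description mentions.
        problems.append(f"{name}: HttpOnly missing, token readable from JavaScript")
    return problems


# Constructed sample headers; cookie name and value are placeholders.
SAMPLES = {
    "as described": "refreshToken=PLACEHOLDER; HttpOnly; Secure; SameSite=None",
    "no Secure": "refreshToken=PLACEHOLDER; HttpOnly; SameSite=None",
    "default": "refreshToken=PLACEHOLDER; HttpOnly; Secure",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, "->", audit_cross_site_cookie(header) or "ok")
```

An empty list means the header matches the setup the description asks for; run it against the set-cookie header returned by tokenCreate in the test environment.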

@github-actions github-actions bot temporarily deployed to feature-jwt-expiration September 2, 2020 09:07 Inactive
@orzechdev orzechdev changed the title Handle JWT token expiration Handle JWT token refreshing Sep 2, 2020
@github-actions github-actions bot temporarily deployed to feature-jwt-expiration September 2, 2020 09:15 Inactive
@github-actions github-actions bot temporarily deployed to feature-jwt-expiration September 2, 2020 15:04 Inactive
@orzechdev orzechdev marked this pull request as ready for review September 2, 2020 15:43
@orzechdev orzechdev force-pushed the feature/jwt-expiration branch 5 times, most recently from 057e200 to fc5de92 Compare September 5, 2020 13:12
@orzechdev orzechdev changed the title Handle JWT token refreshing Handle JWT token refreshing and validating Sep 5, 2020
@orzechdev orzechdev changed the title Handle JWT token refreshing and validating Handle JWT token refreshing and verifying Sep 5, 2020

patrys commented Sep 7, 2020

@github-actions github-actions bot temporarily deployed to feature-jwt-expiration September 7, 2020 14:13 Inactive
@github-actions github-actions bot temporarily deployed to feature-jwt-expiration September 10, 2020 10:55 Inactive
@github-actions github-actions bot temporarily deployed to feature-jwt-expiration September 10, 2020 10:58 Inactive
@github-actions github-actions bot temporarily deployed to feature-jwt-expiration September 10, 2020 11:23 Inactive
@orzechdev orzechdev merged commit 7800282 into master Sep 10, 2020
@orzechdev orzechdev deleted the feature/jwt-expiration branch September 10, 2020 11:29