npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

xior-auth-refresh

v0.6.0

Published

Xior plugin which makes it very easy to automatically refresh the authorization tokens of your clients

Downloads

373

Readme

Package version Package size Package downloads Package types definitions

xior-auth-refresh

This library is a fork of the brilliant axios-auth-refresh library by Dawid Zbiński.

Library that helps you implement automatic refresh of authorization via xior interceptors. You can easily intercept the original request when it fails, refresh the authorization and continue with the original request, without any user interaction.

What happens when the request fails due to authorization is all up to you. You can either run a refresh call for a new authorization token or run a custom logic.

The plugin stalls additional requests that have come in while waiting for a new authorization token and resolves them when a new token is available.

Installation

Using npm or yarn:

npm install xior-auth-refresh --save
# or
yarn add xior-auth-refresh

Syntax

createAuthRefreshInterceptor(
    xior: XiorInstance,
    refreshAuthLogic: (failedRequest: any) => Promise<any>,
    options: XiorAuthRefreshOptions = {}
): number;

Parameters

  • xior - an instance of Xior
  • refreshAuthLogic - a Function used for refreshing authorization (must return a promise). Accepts exactly one parameter, which is the failedRequest returned by the original call.
  • options - object with settings for interceptor (See available options)

Returns

Interceptor anonymous function.

Usage

In order to activate the interceptors, you need to import a function from xiorf-auth-refresh which is exported by default and call it with the xior instance you want the interceptors for, as well as the refresh authorization function where you need to write the logic for refreshing the authorization.

The interceptors will then be bound onto the xior instance, and the specified logic will be run whenever a 401 (Unauthorized) status code is returned from a server (or any other status code you provide in options). All the new requests created while the refreshAuthLogic has been processing will be bound onto the Promise returned from the refreshAuthLogic function. This means that the requests will be resolved when a new access token has been fetched or when the refreshing logic failed.

import xior from 'xior';
import createAuthRefreshInterceptor from 'xior-auth-refresh';

// Function that will be called to refresh authorization
const refreshAuthLogic = (failedRequest) =>
    xior.post('https://www.example.com/auth/token/refresh').then((tokenRefreshResponse) => {
        localStorage.setItem('token', tokenRefreshResponse.data.token);
        failedRequest.response.config.headers['Authorization'] = 'Bearer ' + tokenRefreshResponse.data.token;
        return Promise.resolve();
    });

// Instantiate the interceptor
createAuthRefreshInterceptor(xior, refreshAuthLogic);

// Make a call. If it returns a 401 error, the refreshAuthLogic will be run,
// and the request retried with the new token
xior.get('https://www.example.com/restricted/area').then(/* ... */).catch(/* ... */);

Skipping the interceptor

There's a possibility to skip the logic of the interceptor for specific calls. To do this, you need to pass the skipAuthRefresh option to the request config for each request you don't want to intercept.

xior.get('https://www.example.com/', { skipAuthRefresh: true });

Request interceptor

Since this plugin automatically stalls additional requests while refreshing the token, it is a good idea to wrap your request logic in a function, to make sure the stalled requests are using the newly fetched data (like token).

Example of sending the tokens:

// Obtain the fresh token each time the function is called
function getAccessToken() {
    return localStorage.getItem('token');
}

// Use interceptor to inject the token to requests
xior.interceptors.request.use((request) => {
    request.headers['Authorization'] = `Bearer ${getAccessToken()}`;
    return request;
});

Available options

Status codes to intercept

You can specify multiple status codes that you want the interceptor to run for.

{
    statusCodes: [401, 403], // default: [ 401 ]
}

Customize intercept logic

You can specify multiple status codes that you want the interceptor to run for.

{
    shouldRefresh: (error) =>
        error?.response?.data?.business_error_code === 100385,
}

Retry instance for stalled requests

You can specify the instance which will be used for retrying the stalled requests. Default value is undefined and the instance passed to createAuthRefreshInterceptor function is used.

{
    retryInstance: someXiorInstance, // default: undefined
}

onRetry callback before sending the stalled requests

You can specify the onRetry callback which will be called before each stalled request is called with the request configuration object.

{
    onRetry: (requestConfig) => ({ ...requestConfig, baseURL: '' }), // default: undefined
}

Pause the instance while "refresh logic" is running

While your refresh logic is running, the interceptor will be triggered for every request which returns one of the options.statusCodes specified (HTTP 401 by default).

In order to prevent the interceptors loop (when your refresh logic fails with any of the status codes specified in options.statusCodes) you need to use a skipAuthRefresh flag on your refreshing call inside the refreshAuthLogic function.

In case your refresh logic does not make any calls, you should consider using the following flag when initializing the interceptor to pause the whole xior instance while the refreshing is pending. This prevents interceptor from running for each failed request.

{
    pauseInstanceWhileRefreshing: true, // default: false
}

Intercept on network error

Some CORS APIs may not return CORS response headers when an HTTP 401 Unauthorized response is returned. In this scenario, the browser won't be able to read the response headers to determine the response status code.

To intercept any network error, enable the interceptNetworkError option.

CAUTION: This should be used as a last resort. If this is used to work around an API that doesn't support CORS with an HTTP 401 response, your retry logic can test for network connectivity attempting refresh authentication.

{
    interceptNetworkError: true, // default: undefined
}