Access Token in Persistent Storage is removed on hard refresh.

[rg-najera]

A primer: I am able to intercept Axios requests and responses to make sure access-tokens and and any other header request keys I need replaced in storage and global config.headers - are swapped out on each request. One issue we were facing was to make sure that the headers were not being replaced when they came back empty from devise_token_auth, since at times they will be empty if the token has not yet expired (i.e. after first use). Resolved that through a custom axios interceptor. Navigating through the app and calling authenticated endpoints come back 200 with the correct response, was not happening out of the box for me - solved it in a similar way as below noted.

Feew...Getting tokens from device_token_auth, etc... That is all gravy. The main meat of the issue is how the verifyCredentials function is being called. When doing a hard refresh verifyCredentials gets called which in turn dispatches the verifyToken action. verifyToken doesn't seem to be aware of the empty headers and that it shouldn't call persistAuthHeadersInDeviceStorage(Storage, response.headers) if the headers are not present, which when it does - it completely squashes the persistent storage keys that will later be used by the next request.

Ive verified that setAuthHeaders and peristAuthHeadersInDeviceStorage need some sprucing up -- and keep in mind this is just an example (not familiar with TS as much as es6) where we could check if
the header[key] is there - const value = headers[key] || fromStorage; before setting it - where fromStorage is the value returned by storage.getItem(key) like below.

export const setAuthHeaders = (Storage: DeviceStorage, headers: AuthHeaders): void => {
  authHeaderKeys.forEach((key: string) => {
    Storage.getItem(key).then((fromStorage: string) => {
      const value = headers[key] || fromStorage;
      axios.defaults.headers.common[key] = value;
    });
  });
};

export const persistAuthHeadersInDeviceStorage = (Storage: DeviceStorage, headers: AuthHeaders): void => {
  authHeaderKeys.forEach((key: string) => {
    Storage.getItem(key).then((fromStorage: string) => {
      const value = headers[key] || fromStorage;
      Storage.setItem(key, value); // <--- Not really needed
    });
  });
};

Another option would be to simply not call persistAuthHeadersInDeviceStorage unless the access-token header is actually there. If not it will be replaced with undefined.

The verify token action

redux-token-auth/src/actions.ts

Line 169 in 8c5a8fe

const verifyToken = (

[rg-najera]

I have a PR available against master at #46

In case anyone is having the same issue with persist gate not redirecting to the path set up with generateRequireSignInWrapper (mentioned here #35 (comment)) - I have setup a new branch on my fork, that reverts the previous commits and starts off with the currently released NPM version found here - 4 commit behind master - and one ahead - https://github.com/el-rotny/redux-token-auth/tree/old_persistent_header_storage

[ziaulrehman40]

This bites lot of people, there are issues in devise-token-auth where people are banging their heads, this shoudl had been merged.
Now the PR is stale :/

[ziaulrehman40]

I wrote this script:

echo '----------------------'
echo 'Patching redix token auth due to https://github.com/kylecorbelli/redux-token-auth/issues/45'
echo 'It adds if checks of empty access-token'
echo '----------------------'
echo 'UPDATE THIS SCRIPT!!!!! if redux-token-auth is not on version: 0.19.0'
echo '----------------------'

REPLACE="                        if (response.headers['access-token'] && response.headers['access-token'] !== '') auth_1.setAuthHeaders(response.headers);";
ESCAPED_REPLACE=$(printf '%s\n' "$REPLACE" | sed -e 's/[\/&]/\\&/g');
sed -i '' "165s/.*/$ESCAPED_REPLACE/" node_modules/redux-token-auth/dist/actions.js

REPLACE2='                        if (response.headers["access-token"] && response.headers["access-token"] !== "") auth_1.persistAuthHeadersInLocalStorage(response.headers);';
ESCAPED_REPLACE2=$(printf '%s\n' "$REPLACE2" | sed -e 's/[\/&]/\\&/g');
sed -i '' "167s/.*/$ESCAPED_REPLACE2/" node_modules/redux-token-auth/dist/actions.js

And saved it under scripts/reduxTokenAuthHeaderFix.sh folder

And added postinstall in package.json like: "postinstall": "scripts/reduxTokenAuthHeaderFix.sh"

Works like a charm for now, did not want to rely on outdated or external forks which can be deleted anytime.
Until we get the fix upstream, this should work. 👍🏼