Authentication (Auth) Overview

Login Flow

When a user logs in, the system verifies their credentials and, upon success, generates two tokens: an access token and a refresh token. These tokens are then stored in cookies. The access token is used for authenticating the user in subsequent API requests, while the refresh token is used to refresh the access token when it expires. This ensures that the user remains authenticated for an extended period without needing to log in again.

Token Expiry and Refresh Flow

To handle token expiry, an Axios interceptor is implemented. When an access token expires (i.e., the server returns a 401 Unauthorized response), the interceptor checks for the presence of the refresh token. If available, the refresh token is sent to the server to retrieve new access and refresh tokens. These new tokens are then saved in cookies, and the original request is retried with the new access token. If the refresh token is expired or invalid, the user is logged out and redirected to the login page.

Logout

When the user logs out, both the access token and refresh token are removed from the cookies, ensuring that no sensitive data remains in the user's session.
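The refresh and logout behaviour described in the two sections above, as an added example that is not part of this project's code. It is written as an Axios-style response interceptor, but Axios itself is replaced by a small in-memory stand-in (a fake client and a simulated backend, both constructed here) so that the file runs offline; the cookie store, the `/auth/refresh` endpoint, the `accessToken`/`refreshToken` field names and the `_retry` flag are assumptions. Beyond the text, it also handles two cases a practitioner has to get right: several requests failing with 401 at the same moment share one refresh call instead of each issuing their own, and a request that still fails after the retry is not refreshed again, so an invalid token cannot produce an endless 401/refresh loop.

```javascript
// Added example (not the project's own code): the 401 -> refresh -> retry flow
// described above, written as an Axios-style response interceptor. Axios itself
// is replaced by a small in-memory stand-in so the file runs offline; the cookie
// store, the /auth/refresh endpoint and the token field names are assumptions.

// Simulated backend (constructed): validates the Bearer token and rotates both tokens on refresh.
function createServer() {
  return {
    validAccess: 'access-1', validRefresh: 'refresh-1', refreshCount: 0,
    handle(req) {
      if (req.url === '/auth/refresh') {
        if (req.data.refreshToken !== this.validRefresh) return { status: 401 };
        this.refreshCount += 1;
        this.validAccess = `access-${this.refreshCount + 1}`;
        this.validRefresh = `refresh-${this.refreshCount + 1}`;
        return { status: 200, data: { accessToken: this.validAccess, refreshToken: this.validRefresh } };
      }
      if (req.headers.Authorization !== `Bearer ${this.validAccess}`) return { status: 401 };
      return { status: 200, data: { url: req.url, ok: true } };
    },
  };
}

// Minimal Axios-like client (constructed): attaches the access-token cookie as a
// Bearer header, rejects non-2xx responses with error.response/error.config like
// Axios does, and runs registered response interceptors in order.
function createClient(server, cookies) {
  const responseInterceptors = [];
  const client = {
    interceptors: { response: { use: (ok, err) => responseInterceptors.push([ok, err]) } },
    request(config) {
      config.headers = { ...(config.headers || {}) };
      if (cookies.has('accessToken')) config.headers.Authorization = `Bearer ${cookies.get('accessToken')}`;
      let p = Promise.resolve().then(() => {
        const res = server.handle(config);
        if (res.status >= 400) {
          const e = new Error(`Request failed with status ${res.status}`);
          e.response = res; e.config = config;
          throw e;
        }
        return { ...res, config };
      });
      for (const [ok, err] of responseInterceptors) p = p.then(ok, err);
      return p;
    },
  };
  return client;
}

// The interceptor from the section: on 401, refresh once (shared across concurrent
// failures), store the new tokens in the cookies, retry the original request;
// if the refresh token is missing or rejected, log out instead.
function attachRefreshInterceptor(client, cookies, logout) {
  let refreshPromise = null; // single in-flight refresh shared by concurrent 401s
  client.interceptors.response.use(
    (response) => response,
    async (error) => {
      const original = error.config;
      const status = error.response && error.response.status;
      if (status !== 401 || original._retry) throw error; // not an auth failure, or already retried once
      const refreshToken = cookies.get('refreshToken');
      if (!refreshToken) { logout(); throw error; }
      original._retry = true; // guards against an infinite 401 -> refresh -> 401 loop
      try {
        if (!refreshPromise) {
          refreshPromise = client
            .request({ url: '/auth/refresh', method: 'post', data: { refreshToken }, _retry: true })
            .then((res) => {
              cookies.set('accessToken', res.data.accessToken);
              cookies.set('refreshToken', res.data.refreshToken);
            })
            .finally(() => { refreshPromise = null; });
        }
        await refreshPromise;
      } catch (refreshError) {
        logout(); // refresh token expired/invalid: clear both cookies, user goes back to login
        throw refreshError;
      }
      return client.request(original); // retried; the new access token is read from the cookie
    },
  );
}

// Walks both paths: a successful refresh shared by two concurrent requests, then a
// rejected refresh that must clear both cookies. Returns a summary for checking.
async function demo() {
  const server = createServer();
  const cookies = new Map([['accessToken', 'stale'], ['refreshToken', 'refresh-1']]);
  const events = [];
  const logout = () => { cookies.delete('accessToken'); cookies.delete('refreshToken'); events.push('logout'); };
  const client = createClient(server, cookies);
  attachRefreshInterceptor(client, cookies, logout);

  const [me, orders] = await Promise.all([client.request({ url: '/api/me' }), client.request({ url: '/api/orders' })]);
  const refreshed = { ok: me.data.ok && orders.data.ok, refreshes: server.refreshCount, access: cookies.get('accessToken') };

  cookies.set('accessToken', 'stale');         // access token expires again...
  server.validRefresh = 'revoked-server-side';  // ...and the refresh token is no longer accepted
  let rejected = false;
  try { await client.request({ url: '/api/me' }); } catch (e) { rejected = true; }
  return { ...refreshed, rejected, loggedOut: events.includes('logout'), cookiesCleared: cookies.size === 0 };
}

demo().then((summary) => console.log(summary));
```

Running the file prints a summary in which two concurrent 401s caused exactly one refresh (`refreshes: 1`) and both requests succeeded on retry, and the second phase ends with `loggedOut: true` and both cookies gone. Against a real backend, `createClient` is replaced by the project's Axios instance and `cookies` by whatever cookie helper the app uses; the interceptor body itself does not change.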

INFO

This implementation is for demonstration purposes only. In this project, we use Axios Mock Adapter to simulate a real-world backend. This mock implementation is designed to mimic the authentication and access control flow but does not interact with a real backend system.

When integrating this with an actual backend, you will need to adjust the API endpoints and modify the logic for handling JWT token issuance, refresh token functionality, and user role management. Specifically, replace the mock logic with real API calls to your backend server that will handle user authentication and access control securely.