I can think of three options here:
In the case you'll fetch the provider API and you do need the tokens, I think the third option is the best because the loader or action code doesn't need to care about refreshing the token. You can create a Sessions table in your DB and store there the OAuth2 provider (e.g. GitHub or Google), the user ID, the access token, the refresh token and the expiration date (the time it takes to expire comes in the extraParams; you can use that to get the exact date). Then run a background job that uses the refresh token and access token. You can run it every hour (I think most tokens expire after an hour, but check this with each provider): get all the sessions that are expired or about to expire, check the provider name so you know the endpoints and refresh them, then update the expiration date and tokens in the Sessions table. Now, in your loaders, when you need the access token, you can query that table, get the token and be sure it will be up to date.
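One way to write a single pass of the background refresh job described in the answer above, as an added example that is not part of the original thread or the project's code. The row fields, the `clients` credentials map, the injected `postForm` HTTP helper and the 5-minute window are all assumptions made for illustration.

```javascript
// Added example. The sessions array stands in for the Sessions table; all names are hypothetical.
const REFRESH_WINDOW_MS = 5 * 60 * 1000; // treat tokens expiring within 5 minutes as due

// OAuth2 token endpoints, keyed by the provider name stored on each row.
const TOKEN_ENDPOINTS = {
  github: "https://github.com/login/oauth/access_token",
  google: "https://oauth2.googleapis.com/token",
};

// Rows that are expired or about to expire.
function dueForRefresh(sessions, now) {
  return sessions.filter((s) => s.expiresAt - now <= REFRESH_WINDOW_MS);
}

// Build the updated row from a token response; throws instead of storing a partial result.
function applyTokenResponse(session, body, now) {
  if (!body || typeof body.access_token !== "string" || !(body.expires_in > 0)) {
    throw new Error((body && body.error) || "malformed token response");
  }
  return {
    ...session,
    accessToken: body.access_token,
    // Some providers rotate the refresh token; keep the old one when none is returned.
    refreshToken: body.refresh_token || session.refreshToken,
    expiresAt: now + body.expires_in * 1000,
  };
}

// One pass of the background job. `postForm(url, params)` is an injected HTTP helper
// (hypothetical) that POSTs form-encoded params and resolves to the parsed JSON body.
async function refreshExpiringSessions(sessions, clients, postForm, now = Date.now()) {
  const updated = [], failed = [];
  for (const s of dueForRefresh(sessions, now)) {
    try {
      const url = TOKEN_ENDPOINTS[s.provider];
      const client = clients[s.provider];
      if (!url || !client) throw new Error(`no refresh config for ${s.provider}`);
      const body = await postForm(url, {
        grant_type: "refresh_token", refresh_token: s.refreshToken,
        client_id: client.id, client_secret: client.secret,
      });
      updated.push(applyTokenResponse(s, body, now));
    } catch (err) {
      // Keep the old row; record the reason only, never the token values.
      failed.push({ userId: s.userId, provider: s.provider, reason: err.message });
    }
  }
  return { updated, failed }; // caller writes `updated` back to the table
}
```

Rows in `failed` keep their old tokens, so a revoked refresh token (for example an `invalid_grant` response) shows up as a failure to act on rather than as a silently overwritten row.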
-
I know this is outside the scope of this project, but would love some help as I've been banging my head against the wall all day.
I believe you would typically store these using a 'Set-Cookie' header. I've been trying to do that in my setUserData() function that I call in the verify callback after I get the tokens and profile. But this just doesn't seem to be keeping those tokens around.

Flow:
Including the relevant part of my /api/setUser resource route where I try to set the cookie