Skip to main content
Version: 6.0

Checking Authenticated State with Auth Connect

Auth Connect 5 no longer ships with a built in method for checking the authentication status of the application. Implementing this functionality is left up to the developer, so that they may best decide for their application what it means to be authenticated. Auth Connect provides all the tools necessary to implement this functionality.

Considerations

In building out our own isAuthenticated method, we need to consider a few things:

  • What does it mean to be authenticated? Is a non-expired access_token sufficient?
  • If we have a refresh_token, should we attempt to refresh an expired access_token?
  • What about if we are in a no-network environment?
  • What if the attempt to refresh fails due to a network error?
  • Do we have any geo-restrictions on our application?

The answers to these questions can and do change between applications, so you should consider them, along with any other requirements your specific application may have.

Tools

Auth connect provides a few tools to help you implement your own isAuthenticated method:

  • isAccessTokenAvailable - Checks if your AuthResult has an access_token available.
  • isAccessTokenExpired - Checks if your AuthResult has an expired access_token.
  • isRefreshTokenAvailable - Checks if your AuthResult has a refresh_token available.
  • refreshSession - Attempts to refresh your session using the refresh_token in your AuthResult.

These are your building blocks for implementing your own isAuthenticated method. You should combine these with other APIs or application logic to determine if the user is authenticated.

warning

Only JWT tokens can be used to perform operations on access tokens. Auth Connect cannot decode other types of access tokens.

Example

In our example, we'll make a simple version of isAuthenticated with the following requirements:

  1. A user is considered Authenticated if they have a non-expired access_token.
  2. If the access_token is expired and we have a refresh_token, we will attempt to refresh the session.
  3. If the refresh is successful, we update our AuthResult and consider the user authenticated.
  4. In a no-network environment, determined by navigator.onLine we consider the user authenticated, regardless of expire status of the access_token as long as we have a refresh_token.

_25
async function isAuthenticated(authResult: AuthResult) {
_25
const isAccessTokenAvailable = await AuthConnect.isAccessTokenAvailable(authResult);
_25
const isAccessTokenExpired = await AuthConnect.isAccessTokenExpired(authResult);
_25
const isRefreshTokenAvailable = await AuthConnect.isRefreshTokenAvailable(authResult);
_25
_25
if (isAccessTokenAvailable && !isAccessTokenExpired) {
_25
return true;
_25
}
_25
_25
if (!navigator.onLine) {
_25
if (isRefreshTokenAvailable) return true;
_25
await clearAuthResult();
_25
return false;
_25
}
_25
_25
try {
_25
const refreshedAuthResult = await AuthConnect.refreshSession(authResult);
_25
await saveAuthResult(refreshedAuthResult);
_25
return true;
_25
} catch (err) {
_25
// Refresh failed, or no `refresh_token` available
_25
await clearAuthResult();
_25
return false;
_25
}
_25
}