Version: 5.x

Checking Authenticated State with Auth Connect

Auth Connect 5 no longer ships with a built-in method for checking the authentication status of the application. Implementing this functionality is left to the developer, who is best placed to decide what it means for their application to be authenticated. Auth Connect provides all the tools necessary to implement it.

Considerations

In building out our own isAuthenticated method, we need to consider a few things:

  • What does it mean to be authenticated? Is a non-expired access_token sufficient?
  • If we have a refresh_token, should we attempt to refresh an expired access_token?
  • What about if we are in a no-network environment?
  • What if the attempt to refresh fails due to a network error?
  • Do we have any geo-restrictions on our application?

The answers to these questions can and do change between applications, so you should consider them, along with any other requirements your specific application may have.

Tools

Auth Connect provides a few tools to help you implement your own isAuthenticated method:

  • isAccessTokenAvailable - Checks if your AuthResult has an access_token available.
  • isAccessTokenExpired - Checks if your AuthResult has an expired access_token.
  • isRefreshTokenAvailable - Checks if your AuthResult has a refresh_token available.
  • refreshSession - Attempts to refresh your session using the refresh_token in your AuthResult.

These are your building blocks for implementing your own isAuthenticated method. You should combine these with other APIs or application logic to determine if the user is authenticated.

Warning

The access token operations above work only with JWT access tokens. Auth Connect cannot decode other types of access tokens.

Example

In our example, we'll make a simple version of isAuthenticated with the following requirements:

  1. A user is considered authenticated if they have a non-expired access_token.
  2. If the access_token is expired and we have a refresh_token, we will attempt to refresh the session.
  3. If the refresh is successful, we update our AuthResult and consider the user authenticated.
  4. In a no-network environment, as determined by navigator.onLine, we consider the user authenticated regardless of the expiry status of the access_token, as long as we have a refresh_token.
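
    import { AuthConnect, AuthResult } from '@ionic-enterprise/auth';

    // clearAuthResult and saveAuthResult are your application's own storage helpers.
    async function isAuthenticated(authResult: AuthResult): Promise<boolean> {
      const isAccessTokenAvailable = await AuthConnect.isAccessTokenAvailable(authResult);
      const isAccessTokenExpired = await AuthConnect.isAccessTokenExpired(authResult);
      const isRefreshTokenAvailable = await AuthConnect.isRefreshTokenAvailable(authResult);

      // Requirement 1: a non-expired access_token means authenticated.
      if (isAccessTokenAvailable && !isAccessTokenExpired) {
        return true;
      }

      // Requirement 4: with no network, a refresh_token is enough.
      if (!navigator.onLine) {
        if (isRefreshTokenAvailable) return true;
        await clearAuthResult();
        return false;
      }

      // Requirements 2 and 3: refresh the session and store the new AuthResult.
      try {
        const refreshedAuthResult = await AuthConnect.refreshSession(authResult);
        await saveAuthResult(refreshedAuthResult);
        return true;
      } catch (err) {
        // Refresh failed, or no `refresh_token` available
        await clearAuthResult();
        return false;
      }
    }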
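
The example above clears the stored AuthResult on any refreshSession failure, which includes the network-error case raised under Considerations. The variant below is an added example, not code from Auth Connect or from this page's author: it moves requirements 1 to 4 into a pure function and keeps the session when the refresh failed for transport reasons, while still clearing it when the refresh was rejected. `TokenOps` mirrors the four Auth Connect calls listed under Tools; `SessionStore`, `nextStep` and `isNetworkError` are hypothetical names, and how a network failure is recognised is left to the application.

```typescript
// Added example: TokenOps mirrors the four Auth Connect calls under Tools.
// SessionStore, nextStep and isNetworkError are hypothetical application names.
interface TokenOps<R> {
  isAccessTokenAvailable(r: R): Promise<boolean>;
  isAccessTokenExpired(r: R): Promise<boolean>;
  isRefreshTokenAvailable(r: R): Promise<boolean>;
  refreshSession(r: R): Promise<R>;
}
interface SessionStore<R> {
  save(r: R): Promise<void>;
  clear(): Promise<void>;
}
interface TokenState { hasAccess: boolean; expired: boolean; hasRefresh: boolean; online: boolean }
type Step = 'authenticated' | 'refresh' | 'offline-grace' | 'signed-out';

// Pure policy for requirements 1-4: no I/O, so every branch can be unit tested.
function nextStep(s: TokenState): Step {
  if (s.hasAccess && !s.expired) return 'authenticated';
  if (!s.hasRefresh) return 'signed-out'; // nothing to refresh with
  return s.online ? 'refresh' : 'offline-grace';
}

async function isAuthenticated<R>(
  authResult: R,
  ops: TokenOps<R>,
  store: SessionStore<R>,
  online: boolean, // e.g. navigator.onLine
  isNetworkError: (e: unknown) => boolean,
): Promise<boolean> {
  const step = nextStep({
    hasAccess: await ops.isAccessTokenAvailable(authResult),
    expired: await ops.isAccessTokenExpired(authResult),
    hasRefresh: await ops.isRefreshTokenAvailable(authResult),
    online,
  });
  if (step === 'authenticated' || step === 'offline-grace') return true;
  if (step === 'refresh') {
    try {
      await store.save(await ops.refreshSession(authResult));
      return true;
    } catch (e) {
      // Transport failure: treat like requirement 4 and keep the tokens.
      if (isNetworkError(e)) return true;
      // Anything else (e.g. the provider rejected the refresh_token) falls through.
    }
  }
  await store.clear(); // never leave unusable tokens in storage
  return false;
}
```

Returning true in the offline and transport-failure branches only reflects local state; a backend that validates token expiry will still reject requests made with the expired access_token.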