Option to skip interceptor / not abort request if tokens are expired

[mfrascati]

I have a website offering content to unregistered users, and additional contents to logged users. I'm migrating from v4 to v5 and encountered an issue when access token and refresh tokens are expired.

Basically in my request I'm returning an article. If valid token, the response contains additional information, for example whether the user liked the content, suggested articles, and so on. So, for not essential requests token can be passed but it's not mandatory, and if access token is expired backend returns 200. On mandatory endpoints backend returns 401.

On v4 I was handling this behavior with axios onResponseError interceptor.

I like the change provided on the module to check if tokens are expired before making the request, but in my use case it's too severe as it drops a request which could have been handled by the server. It's ok to logout user and do scheme.reset(), but there should be a way to make the request even with expired token, or to continue after having removed it.

Maybe there could be some option like allowExpiredTokenRequests skipping all the checks in initializeRequestInterceptor(), or abortRequest (when token expired)?

If you agree with this change we can discuss about it and I cloud provide a PR.

(Maybe I've missed it, but shouldn't be also an onResponseError interceptor handling 401s caused by situations such as revoked tokens?)

thanks for the great work!

[mfrascati]

Any ideas on how to handle optional token validity?

[zenire]

Shouldn't autoLogout: false handle this?

[mfrascati]

@zenire nope. Logging out the user is fine, but I want the request to go on.

Server accepts both authenticated requests and unauthenticated, and returns slightly different responses.

I don't understand why the request needs to be always dropped (and how this problem is not affecting other people)

[hjJunior]

It would be nice to allow the request go, I've many requests that doesn't require the token, since I'm using Laravel JWT provider, once the token is expired the refresh token is the same.. so the public requests is being dropped

[mfrascati]

I'll try to repropose my case, to move this discussion and try to implement this feature.

• User logs in
• request Article -> get article (with valid token) -> backend returns article + tracks user read it
• meanwhile token expires, no refresh available. User is logged out
• request Article -> get article (with expired token) -> backend returns article (doesn't track read)

This behavior is currently unsupported since the interceptor drops the request.

I'm experimenting a workaround, extending axios.$get and $post within an axios plugin file, detaching the strategy interceptor and reattaching after making the request. Note that this is skipping the whole refresh token part, while still passing the access token (which could be expired) to the server.

export default function ({ $axios, redirect, app }) {
  $axios.$getUnauth = (url, config = []) => {
    app.$auth.strategy.requestHandler.reset();
    const req = $axios.$get(url, config);
    app.$auth.strategy.initializeRequestInterceptor();
    return req;
  };
  $axios.$postUnauth = (url, data = null, config = []) => {
    app.$auth.strategy.requestHandler.reset();
    const req = $axios.$post(url, data, config);
    app.$auth.strategy.initializeRequestInterceptor();
    return req;
  };
...
});

Maybe the RequestHandler interceptor could check some skipInterceptor/allowUnautheticated param provided to the $get/$post config, and let the request pass. Like:

this.$axios.$get('/api/some', {skipInterceptor: true});