
How to handle Session Expiry in ServiceWorker

EDIT 1

One thing I didn't make clear in my use case was that the browser DOES NOT need to show the UX to authenticate, or at least it's optional.

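    // mediation "silent": never prompt; resolves to null if a credential
    // cannot be returned without user interaction
    var credential = await navigator.credentials.get({
        password: true,
        mediation: "silent",
        federated: {providers: federatedProviderURL}
    });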

If the user has logged off or removed passwords from the UA then it will fail (credential == null).

The credential spec writers may stipulate that, if called from ServiceWorker, mediation must be "silent" or, if otherwise and no UI available an: -

Error - NOUI Action requires UI to complete

But the important point here is in the vast majority of cases keyless re-authentication can take place.

Does that change things at all?

Cheers Richard

ORIGINAL POST: -

If a Fetch in my ServiceWorker receives a 401 from the server how do I re-authenticate with the server if I have no focused or foregrounded client?

NB: I'm talking about POST requests updating the server and not just reading from cache until the network is back.

Bring the client back into focus? Scary for user with no action causing that reaction and they may not be there to login again anyway.

What does Background Sync do if it gets a 401?

If navigator.credentials was surfaced in a ServiceWorker that would be enough!

Sessions that never expire?

What are other people doing?

Yet again I'm banned from W3C/IETF Github :-(

If someone could add the following to ServiceWorker issues that would help: - Please see Use-Case

If a User Session has expired a ServiceWorker currently has no mechanisms available to re-authenticate with the server as there is no heuristic mechanism available for determining credentials.

If the credentials.get() was available then re-authentication could take place transparently. If federated (say Google) then if the user had logged out then that state would be honoured.

asked Nov 08 '22 14:11

McMurphy


1 Answer

It seems there has been discussion on this before. Please see GitHub

I think that background re-authenticating should be infrequent enough that a notification of the sign-in or failure is an appropriate and user-friendly solution.

Please comment over there if you have any ideas!

answered Nov 15 '22 10:11

McMurphy
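
The notification approach from the answer, sketched as an added example that is not part of the original thread: the worker holds no credentials, keeps the failed POST, and asks the user to sign in instead of focusing a client. `replayQueue`, `handleMutation`, `replayAfterLogin`, the `/login` URL and the `session-renewed` message are assumptions, and notification permission is assumed to be granted already.

```javascript
// Added example. replayQueue, handleMutation, replayAfterLogin, '/login' and the
// 'session-renewed' message are assumed names, not from the thread.
const replayQueue = []; // in-memory for brevity; a real worker would persist to IndexedDB

// Forward a write; on 401 keep a copy for later and tell the user, without focusing a client.
async function handleMutation(request, { fetchFn, notify }) {
  const retryCopy = request.clone(); // a request body can only be consumed once
  const response = await fetchFn(request);
  if (response.status !== 401) return response;
  replayQueue.push(retryCopy);
  await notify('Session expired', { body: 'Sign in to send your pending changes.', tag: 'reauth' });
  return response; // the page still sees the 401 and can react if it is open
}

// Resend queued writes once the page reports a fresh session; stop at the first 401.
async function replayAfterLogin(fetchFn) {
  let sent = 0;
  while (replayQueue.length > 0) {
    const response = await fetchFn(replayQueue[0].clone());
    if (response.status === 401) break; // still signed out: keep the rest queued
    replayQueue.shift();
    sent += 1;
  }
  return sent;
}

// Wiring, active only inside a service worker (skipped when run under Node).
if (typeof self !== 'undefined' && self.registration) {
  const notify = (title, options) => self.registration.showNotification(title, options);
  self.addEventListener('fetch', (event) => {
    if (event.request.method !== 'POST') return; // reads fall through to the network/cache
    event.respondWith(handleMutation(event.request, { fetchFn: fetch, notify }));
  });
  self.addEventListener('notificationclick', (event) => {
    event.notification.close();
    event.waitUntil(self.clients.openWindow('/login')); // allowed here: the user clicked
  });
  self.addEventListener('message', (event) => {
    if (event.data === 'session-renewed') event.waitUntil(replayAfterLogin(fetch));
  });
}
```

The login page would post `session-renewed` to the worker after a successful sign-in, so the session cookie is renewed by the user in a visible client and never stored by the worker.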