userSignedIn() returns true even with expired/invalid token

[acegilz]

I'm submitting a...

• Other... Please describe:

Current behavior

I use the UserSignedin() to detect if the user is signed in:

if (this.authTokenService.userSignedIn() == true) {
     //authenticated calls
}

However sometimes after several minutes of login/calls I start receiving 401 errors from the backend, and I conclude that somehow angular-token is assuming it's logged in but don't accepted on the backed.

I am pretty sure this is a bug, but I would like to know what am I doing wrong, and also what's the correct approach to verify it the token is valid and if the user is logged in? I used the validateToken() before but also run in similar issues that's why I switched to this approach

[arjenbrandenburgh]

You can try setting the option signOutFailedValidate to true.
This way, when a validateToken fails, the frontend will also assume it's not signed in

[acegilz]

@arjenbrandenburgh thanks, that behavior should be perfect and IMO come by default, will try

[arjenbrandenburgh]

Closing this issue.
If this issue still persists, feel free to re-open.

[acegilz]

@arjenbrandenburgh This solution is not working, it returns 401 and still don't officially logout (clear localstorage things etc)
The reason why it logs out it's also uncertain, I think it may be related with this issue: #457

[acegilz]

[Grafexy]

it's not signing out because of

https://github.com/neroniaky/angular-token/blob/master/projects/angular-token/src/lib/angular-token.service.ts#L251

it is calling signOut function, but signOut will return observer and it will not run because nothing is subscribed to it

[acegilz]

Yes, it makes sense now...

I'll try to find another way to fix this issue and also why it logs out in the first place

[neroniaky]

@Grafexy Good catch 👍

[zinderud]

my solution

  getToken(): string {
    return localStorage.getItem("accessToken");
  }
  getTokenExpirationDate(token: string): Date {
    if (!token) token = this.getToken();
    if (localStorage.getItem("expiry") === undefined) return null;
    const date = new Date(0);
    date.setUTCSeconds(+localStorage.getItem("expiry"));
    return date;
  }
  isTokenExpired(token?: string): boolean {
    const date = this.getTokenExpirationDate(token);
    console.log("date", date, date.valueOf(), new Date().valueOf());
    if (date === undefined) return false;
    return !(date.valueOf() > new Date().valueOf());
  }

[acegilz]

@zinderud where / when / what frequency do you call that isTokenExpired() ?

[zinderud]

my usage

import { Injectable } from '@angular/core';
import { CanActivate, Router } from '@angular/router';
import { Angular2TokenService } from './angular2-token.service';
import { AuthService } from './auth.service';

@Injectable()
export class AuthGuard implements CanActivate {

  constructor (
    private authService: AuthService,
    public aService: Angular2TokenService,
    private router: Router
  ) {}

  public canActivate() {

    if (!this.authService.isTokenExpired() && this.aService.userSignedIn()) {
      return true;
    } else {
      this.router.navigate(['/']);
      return false;
    }
  }
}