Handle jwt expiration after a while about socketio-jwt HOT 2 CLOSED

What I can see socketio-jwt makes sure the jwt is valid and has not expired during the connection phase.

Yes, that's exactly that. If the token expires, you should revalidate yourself, this library doesn't handle this case.
However, you can handle this case client side like this:

import { isUnauthorizedError } from '@thream/socketio-jwt/build/UnauthorizedError.js'

// Handling token expiration
socket.on('connect_error', (error) => {
  if (isUnauthorizedError(error)) {
    console.log('User token has expired')
    // Here you can call your API (e.g: `/refresh-token`) to get a new valid JWT token and then set it (`newValidToken`)
    socket.auth['token'] = newValidToken
  }
})

You can see how I implemented this client side using Axios here: https://github.com/Thream/website/blob/develop/tools/authentication/Authentication.ts

Also you can see how the backend works here: https://github.com/Thream/api/blob/develop/src/services/users/refresh-token/post.ts

from socketio-jwt.

Thank you for the response @theoludwig!
I'll will have to figure out how and when to revalidate the token. Either to check the expiration date on each incoming socket event or to add a timeout callback when the connection is made.

When looking at the code examples you sent, you revalidate the token for each incoming http call, right? So if the user only uses the websocket when the token has expired, nothing will stop it if I'm correct?
Maybe your app requires the user to send http calls from time to time. The thing I'm doing right now lets the user only use websocket for communication so it would be good to make sure no incoming events gets through after the token has expired.

from socketio-jwt.