{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Lonely孤独者° 的问题《Automating access token refreshing via interceptor》','https://www.manongdao.com/q-581348.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We've recently discussed an axios' interceptor for OAuth authentication token refresh in this question.
Basically, what the interceptor should do is to intercept any response with 401 status code and try to refresh the token.
With that in mind, the next thing to do is to return a Promise from the interceptor, so that any request which would have normally fail, would run as nothing happens after a token refresh.
The main problem is, that an interceptor checks only the 401 status code, which is not enough, as the refreshToken will also return 401 status code when it fails - and we have a loop.
There are two possible scenarios I have in mind:
- check the called URL, so if that's
/auth/refreshit shouldn't try to refresh the token; - omit an interceptor when the
refreshTokenlogic is called
The first option looks a bit "not dynamic" to me. The second option looks promising, but I'm not sure if it's event possible.
The main question is then, how can we differentiate/identify calls in an interceptor and run different logic for them without "hardcoding" it specifically, or is there any way to omit the interceptor for a specified call? Thank you in advance.
The code for an interceptor might help to understand the question:
Axios.interceptors.response.use(response => response, error => {
const status = error.response ? error.response.status : null
if (status === 401) {
// will loop if refreshToken returns 401
return refreshToken(store).then(_ => {
error.config.headers['Authorization'] = 'Bearer ' + store.state.auth.token;
error.config.baseURL = undefined;
return Axios.request(error.config);
})
// Would be nice to catch an error here, which would work, if the interceptor is omitted
.catch(err => err);
}
return Promise.reject(error);
});
and token refreshing part:
function refreshToken(store) {
if (store.state.auth.isRefreshing) {
return store.state.auth.refreshingCall;
}
store.commit('auth/setRefreshingState', true);
const refreshingCall = Axios.get('get token').then(({ data: { token } }) => {
store.commit('auth/setToken', token)
store.commit('auth/setRefreshingState', false);
store.commit('auth/setRefreshingCall', undefined);
return Promise.resolve(true);
});
store.commit('auth/setRefreshingCall', refreshingCall);
return refreshingCall;
}
Not sure if this suits your requirements or not, but another workaround could also be the separate Axios Instances (using
axios.createmethod) for refreshToken and the rest of API calls. This way you can easily bypass your default interceptor for checking the 401 status in case of refreshToken.So, now your normal interceptor would be the same.
And, your refreshToken would be like:
here are some nice links [1] [2], you can refer for Axios Instances
I may have found a way much simpler to handle this : use axios.interceptors.response.eject() to disable the interceptor when I call the /api/refresh_token endpoint, and re-enable it after.
The code :