apollo-link-opaque-refresh
npm i apollo-link-opaque-refresh
Apollo Link to handle expired tokens (both JWT and opaque tokens) on auth-expired requests.
This link operates bi-directionally. When a query responds with an error, a handler is triggered to determine whether that response conforms to a "token expired" error.
If the request is deemed to be a token expiry, the query will be queued for re-attempt, and the token refresh handler will be started.
While the token is being refreshed, all attempted requests are paused and queued before they reach the terminating link. Once the token refresh finishes (whether it succeeds or fails), the queue is processed and all requests are resumed.
This link does not check the token before sending queries. It operates on responses, which allows a silent refresh mechanism for all types of tokens. It will pause outgoing queries while a refresh is active. This is useful if your token expiry offset is unreliable on the client or your tokens use a proprietary format.
If you want to refresh and queue your queries prior to making a failing request, try newsiberian/apollo-link-token-refresh.
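```js
tokenRefreshLink({
  // Runs when shouldRefresh returns true; throw if the token cannot be refreshed.
  refreshToken: async () => {
    try {
      await performSomeTokenRefresh();
    } catch (error) {
      // Refresh failed: end the session, then surface the error.
      userSignOut();
      throw error;
    }
  },
  // Decides from the response whether the token has expired.
  shouldRefresh: ({ operation, result, networkError }) => {
    return networkError?.statusCode === 401;
  },
})
```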
The link takes a single options object with the following required properties:
property | type | description |
---|---|---|
refreshToken | () => Promise | Implements your token refresh mechanism. Throw an error if unable to refresh. Successful resolve implies token was refreshed and is available to further links. |
shouldRefresh | ({ operation, result, networkError }) => boolean | Using the provided values should determine whether the response warrants a token refresh. |
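The queue-and-refresh behaviour described above can be modelled with plain promises. This is an added example, not the package's source: `createRefreshGate`, `send`, `demo` and the constructed 401 transport are hypothetical names, and rejecting the operation when the refresh fails is an assumption. It shows that several requests failing at once trigger a single refresh, which matters when a refresh token is single-use.

```javascript
// Added illustration, not the package's source.
function createRefreshGate({ refreshToken, shouldRefresh, send }) {
  let inFlight = null; // promise shared by every caller while a refresh runs

  const refreshOnce = () => {
    if (!inFlight) {
      inFlight = Promise.resolve().then(refreshToken)
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };

  return async function execute(operation) {
    // Outgoing requests pause during an active refresh; a failed refresh
    // still releases them.
    if (inFlight) await inFlight.catch(() => {});
    const response = await send(operation);
    if (!shouldRefresh({ operation, ...response })) return response;
    // Assumption: a failed refresh rejects the operation that needed it.
    await refreshOnce();
    return send(operation); // one retry with the refreshed token
  };
}

// Constructed transport: answers 401 until the token has been refreshed.
async function demo({ refreshFails = false } = {}) {
  let token = "expired", refreshCalls = 0, sent = 0;
  const execute = createRefreshGate({
    send: async (operation) => {
      sent += 1;
      return token === "fresh"
        ? { result: { data: operation } }
        : { networkError: { statusCode: 401 } };
    },
    refreshToken: async () => {
      refreshCalls += 1;
      if (refreshFails) throw new Error("refresh rejected");
      token = "fresh";
    },
    shouldRefresh: ({ networkError }) => networkError?.statusCode === 401,
  });
  const settled = await Promise.allSettled(["a", "b", "c"].map(execute));
  return { refreshCalls, sent, statuses: settled.map((s) => s.status) };
}

demo().then((r) => console.log(r));
```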
FAQs
Apollo Link for token refresh of JWT or Opaque tokens
We found that apollo-link-opaque-refresh demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.