The latest articles on DEV Community by JayPansuriya (@jaypansuriya). https://dev.to/jaypansuriya https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F571883%2Ff5573a37-eaa5-4f33-b509-ff39d319b79f.png https://dev.to/jaypansuriya en JayPansuriya Mon, 30 Dec 2024 09:35:33 +0000 https://dev.to/jaypansuriya/refresh-token-in-angular-143l https://dev.to/jaypansuriya/refresh-token-in-angular-143l <p>Maintaining user sessions without constant logins is key to a smooth web experience. In this blog, I’ll show you how to implement a token refresh workflow in Angular, handling 401 errors and managing concurrent requests effectively.</p> <h2> What is a Refresh Token Workflow? </h2> <p>In authentication systems, access tokens have a short lifespan to minimize security risks. When an access token expires, the refresh token allows the application to request a new access token from the server without requiring the user to log in again.</p> <h2> Angular Implementation </h2> <p>We’ll implement a refresh token mechanism using Angular’s <code>HttpInterceptor</code>. The goal is to intercept unauthorized requests (401 errors) and refresh the token before retrying the original request.</p> <h2> Complete Workflow </h2> <ul> <li><p>Request Interception:<br> An interceptor detects a 401 Unauthorized response.</p></li> <li><p>Token Refresh:<br> If the token is expired, refreshToken fetches a new token.</p></li> <li><p>Retry Request:<br> The original request is retried with the new token.</p></li> <li><p>Queue Management:<br> Pending requests are processed once the token is refreshed.</p></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj2b0a2f0qe2qu6eezx98.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj2b0a2f0qe2qu6eezx98.png" alt="refresh token workflow" width="800" height="464"></a></p> <h2> Code Overview </h2> <ol> <li>Token Refresh Logic The <code>handleUnauthorized</code> method handles refreshing the token when a request fails due to an expired token. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">handleUnauthorized</span><span class="p">(</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">HttpRequest</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span><span class="p">,</span> <span class="nx">next</span><span class="p">:</span> <span class="nx">HttpHandlerFn</span> <span class="p">):</span> <span class="nx">Observable</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">isRefreshingToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">isRefreshingToken</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="c1">// Notify all waiting requests that the token is being refreshed</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenSubject</span><span class="p">.</span><span class="nf">next</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">refreshToken</span><span class="p">().</span><span class="nf">pipe</span><span class="p">(</span> <span class="nf">switchMap</span><span class="p">((</span><span class="na">newToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">newToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenSubject</span><span class="p">.</span><span class="nf">next</span><span class="p">(</span><span class="nx">newToken</span><span class="p">);</span> <span class="c1">// Retry the original request with the new token</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nf">addToken</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">newToken</span><span class="p">));</span> <span class="p">}</span> <span class="c1">// If token refresh fails, log out the user</span> <span class="k">this</span><span class="p">.</span><span class="nf">logout</span><span class="p">();</span> <span class="k">return</span> <span class="nf">throwError</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="dl">'</span><span class="s1">Token expired</span><span class="dl">'</span><span class="p">);</span> <span class="p">}),</span> <span class="nf">catchError</span><span class="p">((</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">logout</span><span class="p">();</span> <span class="c1">// Log out on error</span> <span class="k">return</span> <span class="nf">throwError</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}),</span> <span class="nf">finalize</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">isRefreshingToken</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// Reset the flag</span> <span class="p">}),</span> <span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// Queue requests while a token is being refreshed</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenSubject</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span> <span class="nf">filter</span><span class="p">((</span><span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">token</span> <span class="o">!=</span> <span class="kc">null</span><span class="p">),</span> <span class="nf">take</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="nf">switchMap</span><span class="p">((</span><span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">next</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nf">addToken</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">token</span><span class="p">))),</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The <code>handleUnauthorized</code> function is designed to manage scenarios where an HTTP request receives a 401 Unauthorized status, indicating that the access token has expired or is invalid. This function ensures that the application can refresh the token and retry the failed request seamlessly.</p> <ol> <li>Prevent Multiple Refresh Requests The function uses the <code>isRefreshingToken</code> flag to ensure only one token refresh request is made at a time. If the token is already being refreshed, subsequent requests are queued until the new token is available. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">isRefreshingToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">isRefreshingToken</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenSubject</span><span class="p">.</span><span class="nf">next</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> </code></pre> </div> <ol> <li>Refresh the Token If no refresh request is in progress, it initiates a token refresh using the <code>refreshToken</code> method. Once a new token is received:</li> </ol> <ul> <li>It is stored in the <code>tokenSubject</code>.</li> <li>The original request is retried with the updated token. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">refreshToken</span><span class="p">(</span><span class="nx">url</span><span class="p">).</span><span class="nf">pipe</span><span class="p">(</span> <span class="nf">switchMap</span><span class="p">((</span><span class="nx">newToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">newToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenSubject</span><span class="p">.</span><span class="nf">next</span><span class="p">(</span><span class="nx">newToken</span><span class="p">);</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nf">addToken</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">newToken</span><span class="p">));</span> <span class="p">}</span> <span class="k">this</span><span class="p">.</span><span class="nf">logout</span><span class="p">();</span> <span class="k">return</span> <span class="nf">throwError</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="dl">'</span><span class="s1">Token expired</span><span class="dl">'</span><span class="p">);</span> <span class="p">}),</span> </code></pre> </div> <ol> <li>Handle Concurrent Requests If a token refresh is already in progress, the function queues subsequent requests. These requests wait for the <code>tokenSubject</code> to emit the new token before proceeding. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenSubject</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span> <span class="nf">filter</span><span class="p">((</span><span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">token</span> <span class="o">!=</span> <span class="kc">null</span><span class="p">),</span> <span class="c1">// Wait for a non-null token</span> <span class="nf">take</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="c1">// Only take the first emitted token</span> <span class="nf">switchMap</span><span class="p">((</span><span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">next</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nf">addToken</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">token</span><span class="p">))),</span> <span class="p">);</span> </code></pre> </div> <ol> <li>Error Handling If the token refresh fails or throws an exception:</li> </ol> <ul> <li>The user is logged out.</li> <li>An error is returned to the caller. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">catchError</span><span class="p">((</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">logout</span><span class="p">();</span> <span class="k">return</span> <span class="nf">throwError</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}),</span> </code></pre> </div> <ol> <li>Cleanup The finalize operator ensures that the <code>isRefreshingToken</code> flag is reset, allowing subsequent refresh requests. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">finalize</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">isRefreshingToken</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}),</span> </code></pre> </div> <p>Adding the Token to Requests<br> The addToken method appends the new token to the headers of the outgoing request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">addToken</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">HttpRequest</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span><span class="p">,</span> <span class="nx">token</span><span class="p">:</span> <span class="nx">string</span><span class="p">):</span> <span class="nx">HttpRequest</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">request</span><span class="p">.</span><span class="nf">clone</span><span class="p">({</span> <span class="na">setHeaders</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">X-Token</span><span class="dl">'</span><span class="p">:</span> <span class="nx">token</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h2> Using It in an Angular HTTP Interceptor </h2> <p>An <code>HttpInterceptor</code> is a perfect place to implement this workflow. It allows you to intercept all HTTP requests and handle token management globally without modifying individual service calls.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">return</span> <span class="nx">next</span><span class="p">.</span><span class="nf">handle</span><span class="p">(</span><span class="nx">request</span><span class="p">).</span><span class="nf">pipe</span><span class="p">(</span> <span class="nf">catchError</span><span class="p">((</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">authService</span><span class="p">.</span><span class="nf">handleUnauthorized</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">next</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">throwError</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}),</span> <span class="p">);</span> </code></pre> </div> <p>In summary, a solid token refresh workflow ensures a seamless user experience and secure session management in Angular applications. By handling 401 errors effectively and managing concurrent requests, you can maintain reliability and keep your users happy. Thank you for reading—feel free to share your thoughts or questions below!</p> webdev angular frontend javascript JayPansuriya Mon, 20 May 2024 06:36:55 +0000 https://dev.to/jaypansuriya/whats-new-in-angular-18-key-features-and-updates-f1d https://dev.to/jaypansuriya/whats-new-in-angular-18-key-features-and-updates-f1d <p>Angular 18 marks a major milestone with numerous enhancements and new features designed to improve speed, capabilities, and ease of development for Angular applications. Here are the key updates you need to know about in Angular 18.</p> <ul> <li>TypeScript 5.4 support</li> <li>Defer views (lazy loading of dependencies) moved from developer preview to stable stage</li> <li>Route redirects with functions: more flexible and opens up new possibilities in routing management</li> <li>New redirect command: enhances redirection capabilities within guards and resolvers</li> <li>Zone-less change detection: change detection operates independently without intermediaries like zone.js</li> <li>Template local variable with @let block</li> <li>Core improvements: ongoing efforts to refine change detection, rendering, and dependency injection</li> <li>Enhanced Angular DevTools: various enhancements to debugging tools for simplifying the debugging process</li> <li>Improved forms API: several upgrades to streamline form creation and validation</li> <li>Upgraded in-template API: simplifies template creation and utilization</li> <li>Support for web components</li> <li>Enhanced internationalization capabilities</li> <li>Introduction of a new router API</li> </ul> angular javascript webdev programming