Token expiration test is not accurate

[GaryAustin1]

The math in at least two pieces of code yields up to 1/2 second expired token because of rounding.

utils/getUser.ts

utils/getAccessToken.ts

const timeNow = Math.round(Date.now() / 1000);
jwtUser.exp < timeNow yields:

jwtUser.exp       timeNow      Date.now()    
xxx1               xxx0             xxx0.499            "good" 1/2 sec to expire left  
xxx1               xxx1             xxx0.999            "good" .001 sec to expire! (not really good as no time to do anything)
xxx1               xxx1             xxx1.499            "bad" expired 1/2 sec ago but treated as not expired
xxx1               xxx2             xxx1.501             test works as it is expired for real

I also don't believe it is useful to have a token verified as good from cache if it can expire before even leaving the function call. What good is a token that expires before it can even be used?

[dabarrell]

There's minimal cost in refreshing a token, so it makes sense to refresh if it expires in the next minute (?), rather than waiting for it to expire

[thorwebdev]

Yes, that's a good point. The token refresh strategy isn't ideal yet. Happy to hear ideas 🙏

[dabarrell]

@thorwebdev I've already got an open PR to set up automatic token refreshes (#78) - I'd be happy to add this

it makes sense to refresh if it expires in the next minute

to that PR if it works for you? It'd basically be

const threshold = 60 * 1000; // One minute
if (jwtUser.exp < timeNow + threshold) {
  // refresh
}

[thorwebdev]

Thanks @dabarrell, yah, I think that makes sense. I also commented on your PR, thanks for that! One note, we're currently revamping our repo setup (#75) and then are hoping to get this in right after 👍

[dabarrell]

@thorwebdev In that case I'll wait for #75 to be merged to save a messy rebase :)

[github-actions]

🎉 This issue has been resolved in version 1.4.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀