What to do after the refresh token of Oauth2.0 obtains the new access_token

carries access_token and refresh_token

in the header when requesting the interface.

if access_token expires, the new access_token will be obtained according to refresh_token , and then the expiration time of refresh_token will be updated!

but there is a question! How do I write to the client after getting a new access_token ?

such as scene

user requests an order list after logging in for a period of time ( access_token has expired).
but due to access_token has expired when requesting an order list! So get a new token according to refresh_token !
We block the request for the order list and let it get the new access_token and return a specific status code! According to the judgment status code, the client determines whether to write access_token ?
according to the agreed status code. In this case, what should I do if the request for the order list is gone?

do you have a big answer to what you feel like a mess? (there is a reward)

there is a train of thought at present

at the time of the request, determine whether the token expires, if not, continue the request;
if there is an expiration, detect refresh_token whether it expires; if it also expires, let the user log in again!
if token expires but refresh_token sets the expiration time of the new Token update refresh_token in the middleware; the request continues and adds the token field to the returned json!

{
  "status": 1,
  "msg": "",
  "data":[
    //
    ],
  "token" :"xxxxxxxxxxxxx"    //token

in the client response interceptor , if there is a token field in the returned object, replace the old token !

I wonder if this is feasible?

Apr.02,2022

Nobody handles it that way. Business interface and token interface are not put together
1. If you verify that the token is invalid, an error code is returned? The client needs to refresh token or log in to
2 according to this error code. After that, continue to request the normal business interface


whether the access_token expires and refresh the access_token with refresh_token. Generally speaking, the client does it. The client stores


through the response interceptor. When it is determined that the situation is similar to not logging in, refresh the token and retry the current request

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1bd620e-30fe9.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1bd620e-30fe9.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?