Expiration values

[charliewilco]

Is your feature request related to a problem? Please describe.

When creating a session, we get both a access token and a refresh token. If you decode the access token you get the expiration time and when you need to refresh the session.

Describe the solution you'd like

Add the expiration value with the session response.

Describe alternatives you've considered

• Having the client decode the token to grab this value but this would mean that the token would always need this value.
• Hard coding a time for expiration, this is troublesome because the issuer could change that buffer time

Additional context

[estrattonbailey]

Having the client decode the token to grab this value but this would mean that the token would always need this value.

Does it NOT always have the expiry time? We have a check for this as well, so it seems that it can in fact be undefined.

In our app, we do that check first, and if it's expired we run resumeSession, which attempts to use accessToken to get the session. If that fails it tries to refreshSession, which exchanges the refreshToken for a fresh accessToken. Source here.

We also have a wrapped fetch handler through which all our calls pass, and if gets an expired token, it also tries to refreshSession. Source here.

As to if we could include the expiry time directly on the session response, I'm not sure, but could run that by the team.

[charliewilco]

yep that decoding work is exactly what i wanna avoid, in the future you might change the contents of the token.