[SOLVED] How to Listen to access token

(cloud version - web app) I gave the access token a one hour time period to be valid (at the appwrite dashboard). How to listen to it when it's revoked and give the user some notification, or to use a refresh token? Thank you

TL;DR

The user is seeking help on how to listen to an access token and receive notifications when it is revoked. They receive suggestions to check if a session exists before any user action and to set the session length in the Appwrite console. They also ask if they should register to the event with the server-sdk or use other methods like WorkManager in Android or BGAppRefreshTask in iOS. The user also asks which event happens when an access token is no longer valid. The solution is to set up Realtime to listen to the `users.*.sessions.*.delete` event or to use authentication events like `users.*.recovery.*

How to Listen to access token

Whats the token here? TokenObject generated via Accounts API? Where is the token generated? Client side? Also, there are a few events like users.*.recovery.*, you could use those if they fall into your logic. https://appwrite.io/docs/events#authentication-events

@darShan The token is generated by the client after the user logged in via email/password or google

@darShan I will write down an example: The user logged in and was redirected to the dashboard of my app. He was idle for more than one hour. I want to exit it to the login screen (because the session is no longer valid) should I listen to "users..recovery." event ? which event happens when a access token is no longer valid?

or am I mistaken in my approach ?

users..sessions..delete ?

users.*.sessions.*.delete could work if you setup Realtime to listen to that event

There are multiple ways to handle this.

As @safwan suggested,
If the client side is a mobile app, use WorkManager on Android or BGAppRefreshTask in iOS or workmanager plugin on Flutter with the delay value set to the token's validity.

Thank you @darShan and @safwan The user.sessions..delete does not work - when I'm trying to register to it via the client api. Should I register to it with the server-sdk?

user.sessions..delete

You have an extra dot after sessions.
This event is fired when a session is deleted, example: account.deleteSession('current') or account.deleteSessions()

From the example you gave above (sorry I missed that), I see you want to limit the session length [if I understand correctly]. This can be done on console side & its pretty easy! Go to appwrite console > Auth > Security > Session Length > 1 Hours.

@darShan Yes - this is what I did in the appwrite console. Anyway, I will add a check before any user action to see if a session is exists - I think this is solving my problem 🙂 account.getSession('current')

I don't think that's necessary, if the session is no more valid then none of the requests to console will be successful. Also, instead of fresh fetching the session object via account.getSession('current'), save the creation time to disk & use that to compare. would be much faster and that'd work even in low/bad network as well.

@darShan That's a great idea ! Thank you!

I believe this thread can be marked as [SOLVED] now.

[SOLVED] How to Listen to access token

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support