[SOLVED] How to Listen to access token

(cloud version - web app) I gave the access token a one hour time period to be valid (at the appwrite dashboard). How to listen to it when it's revoked and give the user some notification, or to use a refresh token? Thank you

How to Listen to access token

Whats the token here? TokenObject generated via Accounts API? Where is the token generated? Client side? Also, there are a few events like users.*.recovery.*, you could use those if they fall into your logic. https://appwrite.io/docs/events#authentication-events

@darShan The token is generated by the client after the user logged in via email/password or google

@darShan I will write down an example: The user logged in and was redirected to the dashboard of my app. He was idle for more than one hour. I want to exit it to the login screen (because the session is no longer valid) should I listen to "users..recovery." event ? which event happens when a access token is no longer valid?

or am I mistaken in my approach ?

users..sessions..delete ?

users.*.sessions.*.delete could work if you setup Realtime to listen to that event

There are multiple ways to handle this.

1. As @safwan suggested,
2. If the client side is a mobile app, use WorkManager on Android or BGAppRefreshTask in iOS or workmanager plugin on Flutter with the delay value set to the token's validity.

Thank you @darShan and @safwan The user.sessions..delete does not work - when I'm trying to register to it via the client api. Should I register to it with the server-sdk?

user.sessions..delete

1. You have an extra dot after sessions.
2. This event is fired when a session is deleted, example: account.deleteSession('current') or account.deleteSessions()

From the example you gave above (sorry I missed that), I see you want to limit the session length [if I understand correctly]. This can be done on console side & its pretty easy! Go to appwrite console > Auth > Security > Session Length > 1 Hours.

@darShan Yes - this is what I did in the appwrite console. Anyway, I will add a check before any user action to see if a session is exists - I think this is solving my problem 🙂 account.getSession('current')

I don't think that's necessary, if the session is no more valid then none of the requests to console will be successful. Also, instead of fresh fetching the session object via account.getSession('current'), save the creation time to disk & use that to compare. would be much faster and that'd work even in low/bad network as well.

@darShan That's a great idea ! Thank you!

I believe this thread can be marked as [SOLVED] now.

[SOLVED] How to Listen to access token