
In a very very worst case, if you see that the API which is used to fetch the permitted features for an authenticated user responds with an empty feature list, or the call simply fails, meaning an authenticated user has no permitted feature for the application (I know it sounds weird, but it can happen in the worst case; suppose your database has crashed or some internal error has occurred on the server side), how are you gonna handle this on the client side?

If you didn't get the point, here is the flow:

(The user logs in; after login the user should be redirected to the my-profile page. But there is a guard on my-profile, and it has to be resolved with a backend call that responds with the permitted features for the logged-in user's role.)

  1. Clearing the cookie and redirecting to the login page (logging out, actually) with a convenient toast message like "something went wrong, please try later". Because if the token is stored, the frontend routing mechanism will fall into an infinite loop: the current routing request will fail because of the empty feature list and will surely cause the user to stumble upon the login page again, and the login page will see that there is still a token stored in the cookie, so the user is sent on to the next route, and the loop will just continue like this:

     login > my-profile, my-profile > login.

  2. Instead of logging out, redirecting to a page without a route guard that contains convenient information about the error, so that the user doesn't have to repeat the login later. Because if you log out the user and he/she tries to log in again, the same scenario might repeat until there is a fix on the server side.

  3. Doing nothing. Let the loop continue till there is a fix. Thus the API will be called INFINITELY!!!!!!!! until the respective feature is returned for the requested route. It is good when the backend call fails for no good reason and everything becomes okay on the next call. But if it persists for a long time, can you see the catastrophe on the server side from the continuous client requests???

Please share if you have anything that seems more convenient other than these.

  • Can't understand your problem. If the request failed with a permanent error (the app could not function any more without the user logging in again) -> logout (clear all data related to the authorized user, including tokens) -> redirect to the login page. If the error is not permanent (token expired or something), fix it if possible (refresh token) and repeat N times; if it still fails, see the previous scenario. – Dimanoid Nov 17 '22 at 08:21
  • If the API fails on the backend side, you can check for it using an Angular interceptor, so if the login API fails you can show a toaster and not redirect to the authenticated page until a success status comes from the API. – Chirag Thaker Nov 17 '22 at 13:20
  • @ChiragThaker Login doesn't fail, actually. After login, there is an API that has to be called to fetch the permitted features for the logged-in user. If this call somehow fails, it means the logged-in user has nothing to see in the application. The question is, should I log out the user immediately in that case, or redirect him/her to a default page that has no route guard? I have made my decision, actually: I should try the failed API n times, then log him/her out if it still fails. – Rezaul Karim Nov 18 '22 at 11:31
  • @Dimanoid Thank you. I think I should try the API n times; if it still fails, then logging the user out is the option instead of repeating the call infinitely. Unfortunately I am not using any refresh token. – Rezaul Karim Nov 18 '22 at 11:33

0 Answers
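An added example, not part of the original question or comments: the bounded-retry approach settled on in the comments, written as a framework-free TypeScript decision function that a route guard could call after each features request. All names, the limit of 3 attempts, the 500 ms base delay, and the handling of a non-empty list that lacks the feature as a deny are assumptions.

```typescript
// Added example: names, limits and delays are assumptions, not from the thread.
type Outcome = { kind: "ok"; features: string[] } | { kind: "error" };
type Decision =
  | { action: "allow" }
  | { action: "deny" }                    // feature not granted: unguarded "no access" page
  | { action: "retry"; delayMs: number }  // call the features API again after delayMs
  | { action: "logout" };                 // clear the token first, then login page + toast

const MAX_ATTEMPTS = 3;     // assumed value for the "n times" in the comments
const BASE_DELAY_MS = 500;  // assumed; doubles per attempt so a broken backend is not hammered

// Pure decision for one finished attempt (attempt is 1-based).
function decide(outcome: Outcome, attempt: number, required: string): Decision {
  if (outcome.kind === "ok" && outcome.features.length > 0) {
    // A real answer from the server: grant only what it lists.
    return outcome.features.indexOf(required) >= 0 ? { action: "allow" } : { action: "deny" };
  }
  // Failed call or empty list: never fall through to "allow".
  if (attempt < MAX_ATTEMPTS) {
    return { action: "retry", delayMs: BASE_DELAY_MS * Math.pow(2, attempt - 1) };
  }
  // Clearing the token before the redirect is what breaks login > my-profile > login.
  return { action: "logout" };
}

// Replays constructed outcomes through decide() the way a guard would, one per API call.
function simulateGuard(outcomes: Outcome[], required: string): { final: string; calls: number } {
  let calls = 0;
  for (const outcome of outcomes) {
    calls++;
    const d = decide(outcome, calls, required);
    if (d.action !== "retry") {
      return { final: d.action, calls: calls };
    }
  }
  return { final: "logout", calls: calls }; // ran out of outcomes: fail closed
}

// Constructed sample runs: a backend that stays down, and one that recovers.
const down: Outcome[] = [{ kind: "error" }, { kind: "error" }, { kind: "error" }, { kind: "error" }];
const flaky: Outcome[] = [{ kind: "error" }, { kind: "ok", features: ["my-profile"] }];
console.log(simulateGuard(down, "my-profile"));
console.log(simulateGuard(flaky, "my-profile"));
```

In a real guard the `retry` decision would schedule the next request after `delayMs`, and the `logout` decision would delete the stored token before navigating, so the login page does not bounce the user straight back.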