JWT token refresh logic for headers in the anycable-client library

[cloetzi]

We are looking at switching our authentication to JWT. The default refresh logic in the anycable-client library is great and works as intended. That said, it seems to be only working for tokens sent through GET parameters and not headers. At least I could not find a way to refresh the header using the tokenRefresher functionality. Is that something you'd consider supporting?

We generally prefer to send JWT tokens over headers to avoid logging them accidentally as part of request logs.

[palkan]

Hey,

You should be able to configure a custom refresher that could retrieve a new token from anywhere. Smth like this:

export default createCable({
  tokenRefresher: async transport => {
    let response = await fetch('/cable/auth', {method: "POST"})
    // From JSON body
    let token = (await response.json())["token"]

    // Or headers
    let token = response.headers.get("x-anycable-token")

    // Update URL for the underlying transport
    transport.setParam('jid', token)
  }
})