Ability to set and refresh token in HEADERS visiting pages by inertia-link

[zablik]

Hi everyone!

I'm building an application where authentication is done by OpenID (oidc-client-js). Tokens are issued by the Authentication center (it's not my app)
My SPA on Inertia.js obtains a token and sends it to my backend part, where I validate token's signature.
As the token is short-living I need the ability to refresh it and restrict access to any controller since the token is expired.

I know about manual visits Inertia.visit() but navigation should be done with <inertia-links />, doesn't it?
Also, I know about :headers attribute.

Looks like this approach works. But it does not look pretty...

window.axios = require("axios");
// and then periodically call
window.axios.defaults.headers.common["x-auth"] = "my token"

So, my question is: what way do you recommend to refresh headers while navigating by inertia-links?

Thanx! =)

[ajnsn]

@zablik In a typical Inertia/Laravel app there's some magic behind the scenes as the XSRF-TOKEN cookie is automatically added by Axios to every request and refreshed by Laravel when returning a 419. You just need redirect back and show a message to the user, like described here. ForGET requests there are typically no tokens needed at all.

In your case, things seem different. Here are some existing issues/answers, you could take a look at.

• You could hook into the events of Inertia (Make headers available in start event)
• or try to use Axios interceptors (How to add custom headers?). You just make sure you are on the same version as Inertia, see Opportunity for better 419 handling.

Also note that there are plans to remove Axios completely. The Axios approach could not be too persistent.

[zablik]

Thanks, I think I need some time for investigation.
And I hope with removing Axios an alternative way of working with headers like in my case will be provided =)