Feature: Enhanced Authentication Persistence & Token Refresh Flow
🛑 Problem (Context)
Users were experiencing "Login Required" errors unexpectedly, especially after refreshing the page (F5).
- State Loss: The client-side application lost authentication state upon reload because it relied solely on volatile memory or manual storage sync that wasn't robust.
- Proxy Limitation: The initial
/api/auth/me proxy approach involved manual JWT decoding and subsequent backend calls that sometimes failed or returned 404, causing the "Login Required" state even when a valid token existed.
✅ Solution (Technical Decision)
We implemented a robust Server-Side Token Management strategy using Next.js Route Handlers.
1. Robust Proxy (/api/auth/me)
- Dual Verification: The proxy now first attempts to verify the JWT locally for speed.
- Auto-Refresh: If the Access Token is expired or missing, it automatically uses the
refresh_token cookie to request a new pair from the backend /api/auth/refresh endpoint.
- Cookie Update: Upon successful refresh, the proxy updates the
HttpOnly cookies immediately, ensuring the session remains active without user intervention.
2. Separation of Concerns
- Login/Success: Uses the Proxy purely for fast authentication verification.
- MyPage: Delegated full user data fetching to
TanStack Query calling the backend directly (via Middleware), ensuring standardized data handling and caching.
🔗 Related Changes
src/app/api/auth/me/route.ts: Combined JWT verification and Refresh logic.src/hooks/use-user.ts: Updated to utilize the efficient proxy pattern.
Feature: Enhanced Authentication Persistence & Token Refresh Flow
🛑 Problem (Context)
Users were experiencing "Login Required" errors unexpectedly, especially after refreshing the page (
F5)./api/auth/meproxy approach involved manual JWT decoding and subsequent backend calls that sometimes failed or returned 404, causing the "Login Required" state even when a valid token existed.✅ Solution (Technical Decision)
We implemented a robust Server-Side Token Management strategy using Next.js Route Handlers.
1. Robust Proxy (
/api/auth/me)refresh_tokencookie to request a new pair from the backend/api/auth/refreshendpoint.HttpOnlycookies immediately, ensuring the session remains active without user intervention.2. Separation of Concerns
TanStack Querycalling the backend directly (via Middleware), ensuring standardized data handling and caching.🔗 Related Changes
src/app/api/auth/me/route.ts: Combined JWT verification and Refresh logic.src/hooks/use-user.ts: Updated to utilize the efficient proxy pattern.