Discussing Authentication Issues and Solutions with FlutterFlow and Xano
In this meeting of the State Changers, two main topics were discussed. The first was handling user authentication in apps built with FlutterFlow and Xano. The aim was to keep the user experience smooth even when authentication tokens have expired, by automatically sending users back to the login page when their token has expired, without them having to trigger the process manually. The solution homed in on combining the logout action available in FlutterFlow with the authentication token status from Xano: if any API call returns a 401 error (indicating failed or expired authentication), the app should redirect the user to the login page.
The second part of the discussion was about refresh tokens. It was suggested to have a regular endpoint in the app that refreshes the token while the user is still logged in. This approach keeps the authentication token up to date for active users without sending excessive keep-alive requests to the server. It was clarified that Xano allows multiple authentication tokens for the same user (reflecting multiple simultaneous logins), but it would be best to strike a balance between security and user experience. The optimal solution should avoid creating too many live tokens simultaneously, which could potentially compromise security.
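The two ideas above can be combined in one client-side wrapper. The following is an added example in plain Dart, not code from the meeting or from FlutterFlow or Xano. The `Session` class, its callbacks and the 80% refresh threshold are hypothetical, and it assumes the client knows the token lifetime and that the backend exposes a refresh endpoint.

```dart
// Hypothetical signatures: a request returns an HTTP status code; a refresh
// call swaps the current token for a new one at an assumed refresh endpoint.
typedef ApiCall = Future<int> Function(String token);
typedef RefreshCall = Future<String> Function(String token);

class Session {
  Session(this._token, this.lifetime, this.refreshCall, this.onLoggedOut)
      : _issuedAt = DateTime.now();
  String? _token;
  DateTime _issuedAt;
  final Duration lifetime; // assumed: token lifetime known to the client
  final RefreshCall refreshCall;
  final void Function() onLoggedOut; // e.g. clear state, go to the login page
  Future<void>? _refreshing; // in-flight refresh shared by concurrent callers

  // Refresh only when the token is past 80% of its lifetime, and never run two
  // refreshes at once, so an active user does not pile up live tokens.
  Future<void> _refreshIfDue(String token) {
    if (DateTime.now().difference(_issuedAt) < lifetime * 0.8) return Future.value();
    return _refreshing ??= refreshCall(token).then((fresh) {
      _token = fresh;
      _issuedAt = DateTime.now();
    }).whenComplete(() => _refreshing = null);
  }

  // Send one request. A 401 means the token expired or was rejected: drop it
  // and redirect to login rather than waiting for the user to log out.
  Future<int> send(ApiCall request) async {
    if (_token != null) await _refreshIfDue(_token!);
    final token = _token;
    final status = token == null ? 401 : await request(token);
    if (status == 401) {
      _token = null;
      onLoggedOut();
    }
    return status;
  }
}

Future<void> main() async {
  // Constructed fake backend: the initial token "t1" is no longer accepted.
  var refreshes = 0;
  final s = Session('t1', Duration.zero, (old) async => 't${++refreshes + 1}',
      () => print('redirect to login'));
  Future<int> api(String t) async => t == 't1' ? 401 : 200;
  final codes = await Future.wait([s.send(api), s.send(api)]);
  print('statuses=$codes refreshes=$refreshes');
  await s.send((t) async => 401); // server rejects the token: user is logged out
}
```

Sharing the in-flight refresh means two requests that start at the same moment trigger one refresh call, not two. An error from the refresh call propagates to the caller of `send`, so a network failure is not mistaken for an expired session.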