The meeting started with one participant expressing gratitude for an idea related to authentication renewal. They mentioned encountering a problem while debugging, where hitting the refresh button on the login page would sometimes redirect them back to the login screen. They suspected it might be related to authorization token renewal and wanted to discuss it further. Another participant suggested looking at the request history on the Xano side to determine if the refresh triggered an authorization token renewal. They explained that authorization token renewal occurs when a user performs an action that indicates activity on the front end, such as clicking a button or refreshing the page. The participants examined the request history and discussed the expiration time of the tokens being sent. They also considered widening the window for token renewal to increase the chances of receiving a new token. There was a suggestion to implement a feature that pings an API call every 20 minutes to ensure token renewal. However, it was noted that timers in browsers might be less reliable for this purpose. The participants deliberated on the balance between security and user experience, with one participant suggesting a time range for token renewal every 2 minutes. The trade-off between security and the number of tokens floating around was discussed, as well as the alternative approach used by banks. The participant who initially raised the issue expressed interest in exploring the alternative approach and requested assistance with implementing it. The meeting continued with other participants discussing their own questions and concerns related to Xano.
(Source: Office Hours 3/16 )
