Access protected API with JWT #2067

@geolunalg

EPIC: Epic: Authentication & Session Management (JWT + Refresh) #2065

Overview

User Story:
As a user, I want my session to continue seamlessly when my access token expires.

Action Items

Acceptance Criteria:

  • When access token is expired and API returns 401, client calls POST /auth/refresh.
  • Backend reads refresh token from cookie and:
    • if valid: returns a new access token
    • if invalid/expired: returns 401 and client routes to login
  • Client retries the original request once after successful refresh.

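The refresh-and-retry-once flow from the acceptance criteria, as an added example that is not part of the original issue or the project's code. `createApiClient`, `onLoginRequired`, the `accessToken` response field and the `Bearer` header are assumptions; only `POST /auth/refresh` comes from the issue. It goes slightly beyond the criteria by sharing one in-flight refresh between concurrent 401s.

```javascript
// Added example: every name except POST /auth/refresh is an assumption.
function createApiClient({ fetchImpl = fetch, onLoginRequired = () => {} } = {}) {
  let accessToken = null;      // kept in memory only, not in localStorage
  let refreshInFlight = null;  // shared promise so concurrent 401s refresh once

  function refresh() {
    if (!refreshInFlight) {
      refreshInFlight = (async () => {
        // credentials: 'include' sends the refresh cookie; script never reads it
        const res = await fetchImpl('/auth/refresh', { method: 'POST', credentials: 'include' });
        if (!res.ok) { accessToken = null; return false; }
        accessToken = (await res.json()).accessToken; // assumed response field
        return true;
      })().finally(() => { refreshInFlight = null; });
    }
    return refreshInFlight;
  }

  function send(url, options) {
    const headers = { ...(options.headers || {}) };
    if (accessToken) headers.Authorization = `Bearer ${accessToken}`;
    return fetchImpl(url, { ...options, headers });
  }

  async function request(url, options = {}) {
    const first = await send(url, options);
    if (first.status !== 401) return first;
    if (!(await refresh())) {   // refresh token invalid or expired
      onLoginRequired();        // client routes to login
      return first;
    }
    return send(url, options);  // exactly one retry; a second 401 is returned as-is
  }

  return { request, setAccessToken: (t) => { accessToken = t; } };
}
```

Because the retry is a single `send` rather than a recursive `request`, a backend that keeps answering 401 cannot put the client into a refresh loop.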
