- Automatic Token Refresh: Implemented automatic access token refresh when 401 errors occur
- Request Queuing: Multiple failed requests are queued and automatically retried after token refresh
- Dual Token Storage: Tokens stored in both localStorage (persistence) and memory (SSR support)
- Helper Functions:
setToken(token)- Save access tokensetRefreshToken(token)- Save refresh tokengetStoredToken()- Get access tokengetStoredRefreshToken()- Get refresh tokenclearStoredToken()- Clear all tokens
- Both
useLoginanduseRegisterhooks now save both access and refresh tokens - Automatic cache invalidation and user data update on success
- Type-safe inputs and responses
Request (401) → Get Refresh Token → POST /api/auth/refresh
→ Save New Tokens → Retry Original Request → Resume Queued Requests
If refresh fails:
Refresh Failed → Clear All Tokens → Redirect to /login
- Source: Google Fonts - Poppins
- Implementation: Using Next.js
next/font/googlefor optimal performance - Weights: 300, 400, 500, 600, 700
- Features:
- Automatic font optimization
- Variable font support (
--font-poppins) - Applied to both
sansandheadingfont families - Zero layout shift with
display: swap
SDK (Authentication):
packages/sdk/src/client.ts- Token refresh logic and storagepackages/sdk/src/services/mutations/auth/useLogin/index.ts- Save both tokenspackages/sdk/src/services/mutations/auth/useRegister/index.ts- Save both tokens
Web App (Font):
apps/web/app/layout.tsx- Poppins font integrationpackages/design-system/tailwind.config.ts- Font family configuration
Documentation:
packages/sdk/AUTH_FLOW.md- Comprehensive authentication documentation
// Automatic refresh on 401
client.interceptors.response.use(
(response) => response,
async (error) => {
if (error.response?.status === 401 && !originalRequest._retry) {
// Queue request
// Refresh token
// Retry request
}
}
);// Next.js Layout
import { Poppins } from "next/font/google";
const poppins = Poppins({
subsets: ["latin"],
weight: ["300", "400", "500", "600", "700"],
variable: "--font-poppins",
display: "swap",
});
// Applied via className
<html className={poppins.variable}>
<body className={poppins.className}>- ✅ Automatic Token Refresh - No manual intervention needed
- ✅ Request Queuing - Multiple requests handled correctly during refresh
- ✅ Persistent Auth - Tokens survive page refresh
- ✅ Type Safety - Full TypeScript support
- ✅ Modern Typography - Poppins font loaded and applied
- ✅ Optimized Performance - Next.js font optimization active
Potential areas for future enhancement:
- Implement protected route HOC/middleware
- Add token expiry checks before requests
- Consider httpOnly cookies for refresh tokens (more secure)
- Add refresh token rotation on backend
- Implement remember-me functionality
- Add token blacklisting on logout
To test the authentication flow:
// Login
const login = useLogin();
await login.mutateAsync({ email, password });
// → Tokens automatically saved
// Make authenticated request
const { data } = useMe();
// → Token automatically added to headers
// Token expires
// → Automatic refresh triggered
// → Request retried with new token
// Refresh fails
// → Redirected to /loginFull authentication documentation available at:
packages/sdk/AUTH_FLOW.md- Complete guide with examples
Poppins font is now the default font for:
- All body text (
font-sans) - All headings (
font-heading) - All Design System components
Access via Tailwind classes:
<h1 className="font-sans">Uses Poppins</h1>
<h2 className="font-heading">Also Poppins</h2>- feat: add token refresh mechanism and Poppins font (790d41cb)
- docs: add comprehensive authentication flow documentation (462e841a)
- fix: correct SdkProvider usage and ApiProvider config handling (6f5261e5)
- docs: update absolute paths guide with @sdk alias (f24b0fd3)
Last Updated: Dec 31, 2025 Status: ✅ Ready for Testing Dev Server: http://localhost:3001