Implement automatic token refresh on 401 errors#56
Open
Prajeeth-12 wants to merge 1 commit into
Open
Conversation
- Add API client with 401 interceptor for refresh logic - Create AuthContext for auth state management - Update App.jsx to use AuthProvider - Implement login in Login.jsx - Fix lint errors in components
Closed
Munazzah-Rakhangi
requested changes
Oct 26, 2025
Munazzah-Rakhangi
left a comment
Munazzah-Rakhangi
left a comment
Collaborator
There was a problem hiding this comment.
Changes Required – Auth flow not functional
Tested locally on PR #56. The login and signup requests are currently blocked due to CORS errors — the preflight (OPTIONS /api/v1/auth/login) consistently returns 400 Bad Request, so the actual POST request never reaches the backend.
Please:
- Verify that the FastAPI CORS middleware is configured before all routes and includes:
allow_origins=["http://localhost:5173", "http://127.0.0.1:5173"]
allow_methods=[""]
allow_headers=[""]
allow_credentials=True
- Ensure that preflight requests return 200 so the browser can send the login/signup requests.
- Once fixed, please re-test the full authentication flow (login, token refresh, logout).
- If it’s already working on your side, please show me a quick demo during our Tuesday weekly meeting so we can confirm and approve the PR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
API Client Interceptor: Added 401 handling in api.js to automatically refresh access tokens using stored refresh tokens, retry requests once, and logout on failure.
Auth Context: Created AuthContext.jsx for managing user state, login, logout, and token storage in localStorage.
App Integration: Updated App.jsx to wrap with AuthProvider for global auth state.
Login Implementation: Enhanced Login.jsx to use auth context, handle form submission, and display errors.
Code Quality: Fixed lint errors in LanguagePicker.jsx, NotFound.jsx, and AuthContext.jsx (removed unused imports, added ESLint disable for hooks).
This pull request introduces authentication support to the frontend by implementing a context-based authentication system, integrating API calls for login and token refresh, and updating the login page to use these new mechanisms. The changes also include some minor cleanups to language and translation code.
Authentication system integration:
AuthContextinfrontend/src/contexts/AuthContext.jsxto manage authentication state, provide login/logout methods, and handle token storage and user context. ([frontend/src/contexts/AuthContext.jsxR1-R55](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-3a8c5a8347827277ca8eb529ec90ffc5e52fc5ff5de9b5b0f840b6c29a22bb13R1-R55))frontend/src/App.jsxwith theAuthProvider, making authentication context available throughout the app. ([[1]](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-a0eba768ed9d2a17091f82d46efb5e1c988f08185cc1e9989366995cdb4e3ba9R5),[[2]](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-a0eba768ed9d2a17091f82d46efb5e1c988f08185cc1e9989366995cdb4e3ba9R37),[[3]](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-a0eba768ed9d2a17091f82d46efb5e1c988f08185cc1e9989366995cdb4e3ba9R52))API and token management:
frontend/src/api.jsthat attaches access tokens to requests, automatically refreshes tokens on 401 errors, and retries requests as needed. ([frontend/src/api.jsR1-R64](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-a89738858630f071121be18ff14b0d8ef770e718126254d86d2a0f0ce52d8547R1-R64))Login flow updates:
frontend/src/pages/auth/Login.jsxto use the new authentication context, handle login errors, and redirect on success. Also updated form field names to match backend expectations. ([[1]](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-99dd4f896ea3a584c44ebc6e0318b5444f81398d558006b60254e40ab3b37003R5-R42),[[2]](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-99dd4f896ea3a584c44ebc6e0318b5444f81398d558006b60254e40ab3b37003R57))Minor code cleanups:
frontend/src/components/LanguagePicker.jsxandfrontend/src/pages/NotFound.jsx. ([[1]](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-bddeb81dc2560b92f0f8a3906fb4409ee392229e87da1460bb1f897565e0ae9fL2),[[2]](https://github.com/oss-slu/TheHealthApp/pull/56/files#diff-5b757aa9c4126171b33886faf59f31c285c320deefa3b0adaf22f9e9c4cc6febL3-L11))