Correct me if I am wrong, but I believe
AP.context.getToken just solved the issue with expired JWTs.
In the past, there was no way to refresh an expired JWT from client-side code. Once it was expired, the user was forced to refresh the page. As a developer, I always thought that this kind of sucks from a UX point of view because either you trouble the user and ask him to refresh the page (e.g. via a Flag ) or you fail silently leaving the user confused on why things are not working.
I saw a couple of solutions trying to mitigate this problem. E.g. a background task that periodically asks the server for a new token and/or including a new token in each Ajax response that is then stored on the client for the next request.
Yesterday, I happen to watch this video on cachable iframes from Atlas Camp where I came across
AP.context.getToken. This allows developers to retrieve a valid JWT from the host product and use it to make Ajax requests to our app server. As an added benefit, the JWT will pass the current context to the app server as part of the JWT. If your request doesn’t take more than 15 mins (JWT expiry) you should never see failed request because of expired JWTs anymore.
Does anyone see a reason why not to wrap all Ajax calls in