I have an application using React for the frontend and Spring Boot for the backend that uses Google SSO (OIDC) for authentication. I'm running into an issue where the app will not attempt to relog the user in after an hour. Here's a scenario:

  • Open the app & authenticate using Google

  • Let the window sit idle for an hour (and the access token expires)

  • Now I click on an element in the React frontend; because the user is no longer authenticated, a white screen is presented

I've tried many solutions, from refresh tokens to redirecting to a Google login screen if the user is not authenticated. I think that redirecting may be the ideal solution for my situation, but am unsure of where to direct the user. I don't have a login screen, as I'm using Google SSO in Spring Boot, with the settings in my application.properties file.

I'm also not sure if this should be done in the Spring Boot code using something like this (again, I don't have a /login page, as it auto-authenticates using Google SSO, so not sure what should go there):

    public AuthenticationEntryPoint unauthorizedEntryPoint() {
        return (request, response, authException) -> response.sendRedirect("/login");
    }

Or somehow in the React frontend code, although watching my network tab as this situation happens, I don't think React would be able to catch it.

Any help is appreciated, thanks!
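One way the React side can detect the expired session described above and restart the Google login, as an added example that is not part of the original post. It assumes Spring Security's default OAuth2 login start path `/oauth2/authorization/google` (client registration id `google`); `apiFetch`, `sessionExpired`, `demo` and the `/api/items` URL are hypothetical names.

```javascript
// Assumed path: Spring Security's default OAuth2 login start URL for a client
// registration named "google". Change it if your registration id differs.
const LOGIN_START = "/oauth2/authorization/google";

// True when a response indicates the backend session is no longer authenticated.
function sessionExpired(response) {
  // With redirect: "manual", a 302 towards the identity provider is reported
  // as an opaque redirect instead of being followed cross-origin by fetch.
  if (response.type === "opaqueredirect") return true;
  // A backend entry point that answers API calls with 401 is the other signal.
  return response.status === 401;
}

// Hypothetical wrapper for every backend call made by the React code.
// deps.fetch and deps.navigate are injectable so it can run outside a browser.
async function apiFetch(url, options = {}, deps = {}) {
  const doFetch = deps.fetch || globalThis.fetch;
  const navigate = deps.navigate || ((to) => globalThis.location.assign(to));
  const response = await doFetch(url, {
    ...options,
    credentials: "same-origin", // send the session cookie
    redirect: "manual",         // do not chase the OIDC redirect from script
  });
  if (sessionExpired(response)) {
    // A full-page navigation lets the browser run the OIDC redirect flow.
    navigate(LOGIN_START);
    return null; // nothing to render; the page is about to unload
  }
  return response;
}

// Constructed sample responses standing in for the backend.
async function demo() {
  const visited = [];
  const navigate = (to) => visited.push(to);
  const stub = (resp) => async () => resp;
  const call = (resp) => apiFetch("/api/items", {}, { fetch: stub(resp), navigate });
  const ok = await call({ type: "basic", status: 200 });
  const redirected = await call({ type: "opaqueredirect", status: 0 });
  const unauthorized = await call({ type: "basic", status: 401 });
  return { ok, redirected, unauthorized, visited };
}
```
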
