Handle TOKEN_EXPIRED from Auth API (#43)

* Clear cookies and redirect on TOKEN_EXPIRED

* Redirect to clear-cookies

* Set SESSION_HAS_BEEN_REFRESHED cookie

* Add proper options to refreshed cookie

* Check TOKEN_EXPIRED authReason, remove session refreshed cookie

Author: aydin-utting

frontend/app/clear-cookies/route.tsx

@@ -0,0 +1,9 @@
+import { cookies } from 'next/headers'
+import { redirect } from 'next/navigation'
+
+export async function GET() {
+  const cookieStore = cookies()
+  cookieStore.delete('X-Amzn-Oidc-Data-0')
+  cookieStore.delete('AWSALBAuthNonce')
+  redirect('/')
+}

frontend/middleware.ts

@@ -11,6 +11,7 @@ const PUBLIC_PATHS = [
   '/monitoring',
   '/privacy',
   '/support',
+  '/clear-cookies',
 ]
 
 export async function middleware(req: NextRequest) {
@@ -51,8 +52,10 @@ export async function middleware(req: NextRequest) {
         authReason: 'LOCAL_TESTING',
       }
     }
-
     if (authResult?.isAuthorised !== true) {
+      if (authResult?.authReason === 'TOKEN_EXPIRED') {
+        return redirectToClearCookies(req)
+      }
       console.error(`User is not authorised to access ${pathname}`)
       return redirectToUnauthorised(req)
     }
@@ -79,7 +82,11 @@ function redirectToGenericError(req: NextRequest) {
   url.pathname = '/generic-error'
   return NextResponse.redirect(url)
 }
-
+function redirectToClearCookies(req: NextRequest) {
+  const url = req.nextUrl.clone()
+  url.pathname = '/clear-cookies'
+  return NextResponse.redirect(url)
+}
 // Configure which paths this middleware should run on
 export const config = {
   matcher: [