Description
The folksonomy API saves token timestamps to localStorage but never validates expiration. This causes:
- Using stale tokens that are no longer valid
- Unnecessary 401 errors before retrying with fresh token
- Silent authentication failures
Current Behavior
// Token saved with timestamp
saveTokenToStorage(token) // Saves token + Date.now()
// But timestamp is never checked!
getStoredToken() // Returns token even if it's 10 hours old ❌
Expected Behavior
// Token should be validated
getStoredToken() // Returns null if token is > 1 hour old ✅
Root Cause:
In src/api/folksonomy.ts:
- Timestamp is saved but never used for validation
- No expiration check in getStoredToken()
Solution:
Add expiration validation:
- Define TOKEN_MAX_AGE_MS = 1 hour
- Check token age in getStoredToken()
- Return null and clear storage if expired
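One way the three steps above fit together, as an added example rather than code from src/api/folksonomy.ts: the storage key names, the StorageLike interface and the in-memory MemoryStorage shim (standing in for window.localStorage so the snippet runs outside a browser) are assumptions, and the `now` parameter is injected so the age check can be exercised deterministically. A malformed or future timestamp is treated as expired and cleared, since a token whose age cannot be established should not be reused.

```typescript
// Added example, not the project's code. Keys and the StorageLike shim are assumed.
const TOKEN_MAX_AGE_MS = 60 * 60 * 1000; // 1 hour, as proposed in the issue

// Assumed key names; the real file's keys are not shown on the page.
const TOKEN_KEY = "folksonomy_token";
const TOKEN_TIMESTAMP_KEY = "folksonomy_token_timestamp";

// Minimal subset of the Web Storage API that the functions below rely on.
interface StorageLike {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}

// In-memory stand-in for window.localStorage so the example runs offline (Node).
class MemoryStorage implements StorageLike {
  private data = new Map<string, string>();
  getItem(key: string): string | null {
    return this.data.has(key) ? (this.data.get(key) as string) : null;
  }
  setItem(key: string, value: string): void {
    this.data.set(key, value);
  }
  removeItem(key: string): void {
    this.data.delete(key);
  }
}

// Save the token together with the time it was obtained.
function saveTokenToStorage(storage: StorageLike, token: string, now: number = Date.now()): void {
  storage.setItem(TOKEN_KEY, token);
  storage.setItem(TOKEN_TIMESTAMP_KEY, String(now));
}

// Remove both entries so a stale pair can never be read back.
function clearStoredToken(storage: StorageLike): void {
  storage.removeItem(TOKEN_KEY);
  storage.removeItem(TOKEN_TIMESTAMP_KEY);
}

// Return the token only if it was saved less than TOKEN_MAX_AGE_MS ago;
// otherwise clear storage and return null so the caller fetches a fresh one.
function getStoredToken(storage: StorageLike, now: number = Date.now()): string | null {
  const token = storage.getItem(TOKEN_KEY);
  const rawTimestamp = storage.getItem(TOKEN_TIMESTAMP_KEY);
  if (token === null || rawTimestamp === null) {
    clearStoredToken(storage); // half-written state: drop whatever is left
    return null;
  }
  const savedAt = Number(rawTimestamp);
  const unusable =
    !Number.isFinite(savedAt) || // garbage timestamp
    savedAt > now || // clock moved backwards or value was tampered with
    now - savedAt > TOKEN_MAX_AGE_MS; // older than the allowed window
  if (unusable) {
    clearStoredToken(storage);
    return null;
  }
  return token;
}

// Usage: save at t=1000, read back well within the hour, then after it.
const demoStorage = new MemoryStorage();
saveTokenToStorage(demoStorage, "demo-token", 1000);
console.log(getStoredToken(demoStorage, 1000 + 30 * 60 * 1000)); // "demo-token"
console.log(getStoredToken(demoStorage, 1000 + TOKEN_MAX_AGE_MS + 1)); // null, and storage is cleared
```

Keeping the age check inside getStoredToken() means every caller gets the guarantee for free; a caller that still receives a 401 then knows the token was rejected server-side rather than merely stale, which is a clearer signal to log on.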
Security Impact:
- Reduces token exposure time
- Aligns with OAuth best practices
- Prevents stale token usage