Authentication flow for a React SPA:
- Login: POST credentials → receive access + refresh tokens.
- Store access token in memory (JS variable), refresh token in an httpOnly cookie.
- Axios interceptor: attach access token to every request; on 401 → use refresh token to get a new access token → retry original request; if refresh fails → logout.
- Route protection: a PrivateRoute component checks auth state before rendering.
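
The interceptor step above, as an added example (not code from the original note): the access token stays in a closure, parallel 401s share one refresh call, and each request is retried at most once. `client` is an Axios instance; the `/auth/refresh` path, the `accessToken` response field, the `_skipAuth`/`_retry` config flags and the `onLogout` callback are assumed names.

```javascript
// Added example. Assumed names: /auth/refresh, res.data.accessToken, onLogout.
function installAuth(client, { refreshUrl = '/auth/refresh', onLogout }) {
  let accessToken = null; // memory only: never localStorage/sessionStorage
  let refreshing = null;  // shared promise so N parallel 401s cause one refresh

  const refresh = () => {
    if (!refreshing) {
      // The browser attaches the httpOnly refresh cookie; script never reads it.
      refreshing = client
        .post(refreshUrl, null, { withCredentials: true, _skipAuth: true })
        .then((res) => { accessToken = res.data.accessToken; })
        .catch((err) => {
          accessToken = null; // refresh failed: drop state and log out once
          onLogout();
          throw err;
        })
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  };

  client.interceptors.request.use((config) => {
    if (accessToken && !config._skipAuth) {
      config.headers = config.headers || {};
      config.headers.Authorization = `Bearer ${accessToken}`;
    }
    return config;
  });

  client.interceptors.response.use(
    (res) => res,
    async (error) => {
      const original = error.config || {};
      const is401 = Boolean(error.response && error.response.status === 401);
      // Retry at most once, and never retry the refresh call itself.
      if (!is401 || original._retry || original._skipAuth) throw error;
      original._retry = true;
      await refresh();
      return client.request(original);
    }
  );

  return {
    setToken: (token) => { accessToken = token; }, // call after login
    clear: () => { accessToken = null; },          // call on logout
  };
}
```

Call `setToken` with the access token returned by the login POST. After a page reload the in-memory token is gone, so the first 401 triggers a refresh from the cookie.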