When implementing JWT authentication, you may encounter a common scenario:
1. A user logs into your store’s mobile app while on WiFi
2. The JWT token is issued and includes their current IP address
3. Later, the user switches to cellular data or changes networks
4. Their next API request fails with a 401 error, despite having a valid token
This happens because the JWT token includes IP validation as a security measure to prevent token theft and replay attacks. When the user’s IP address changes, the security check fails.
```javascript
async function handleAuthError(error) {
  if (error.status === 401) {
    try {
      await refreshAuthToken();
      return true; // Token refresh successful
    } catch (refreshError) {
      // Redirect to login if refresh fails.
      // This would be the page URL for your login page, not the login endpoint.
      window.location.href = '/login';
      return false;
    }
  }
  throw error;
}
```
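The same refresh-on-401 idea as a request wrapper, as an added example that is not part of the original page: after a network change several in-flight requests can fail at once, so the wrapper shares one refresh between them and retries each request exactly once. `createAuthClient`, `doFetch`, `onLoginRequired` and the in-memory backend are hypothetical, and the sketch assumes `refreshAuthToken` resolves to a new access token and that the refresh itself is accepted from the new IP.

```javascript
// Added example (not from the original page). createAuthClient, doFetch and onLoginRequired
// are hypothetical names; refreshAuthToken is assumed to resolve to a new access token.
function createAuthClient({ doFetch, refreshAuthToken, onLoginRequired }) {
  let accessToken = null;
  let refreshInFlight = null; // shared by all requests that hit a 401 together
  function refreshOnce() {
    if (!refreshInFlight) {
      refreshInFlight = Promise.resolve()
        .then(() => refreshAuthToken())
        .then((token) => { accessToken = token; })
        .finally(() => { refreshInFlight = null; });
    }
    return refreshInFlight;
  }
  async function request(url, options = {}) {
    const send = () => doFetch(url, {
      ...options,
      headers: { ...options.headers, Authorization: `Bearer ${accessToken}` },
    });
    const first = await send();
    if (first.status !== 401) return first;
    try {
      await refreshOnce(); // the old token may be bound to the previous IP
    } catch (refreshError) {
      onLoginRequired(); // e.g. navigate to the login page
      throw refreshError;
    }
    return send(); // retry exactly once; a second 401 goes back to the caller
  }
  return { request, setToken(token) { accessToken = token; } };
}

// Constructed in-memory backend: a token is accepted only from the IP it was issued to.
async function demo() {
  let clientIp = '192.0.2.10', issued = 0, refreshCalls = 0;
  const boundIp = new Map();
  const issue = () => { const t = `token-${++issued}`; boundIp.set(t, clientIp); return t; };
  const doFetch = async (url, { headers }) => {
    const token = headers.Authorization.slice('Bearer '.length);
    return { status: boundIp.get(token) === clientIp ? 200 : 401 };
  };
  const refreshAuthToken = async () => { refreshCalls++; return issue(); };
  const client = createAuthClient({ doFetch, refreshAuthToken, onLoginRequired() {} });
  client.setToken(issue()); // login on WiFi
  const onWifi = (await client.request('/api/orders')).status;
  clientIp = '198.51.100.7'; // user switches to cellular data
  const after = await Promise.all(['/api/orders', '/api/cart'].map((p) => client.request(p)));
  return { onWifi, afterSwitch: after.map((r) => r.status), refreshCalls };
}
```

In a browser, `doFetch` would be `fetch` and `onLoginRequired` would set `window.location.href` to the login page, as `handleAuthError` does.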