Description
Hi there!
I just started working on a project using this starter. So far so good, but we kept running into a situation where the getOrSetCart function would not always return the customer-related cart, even though we certainly did authenticate the user when they logged in to our application. This has led to anonymous carts being used unintentionally. It would happen for a fraction of our users, but it's a consistent problem that we couldn't yet pinpoint to a specific cause.
Here's what I think is going on: every time we're using the Medusa JS SDK, the SDK has the ability to validate the user's JWT token and refresh it accordingly if anything is wrong. However, getOrSetCart (and other functions in this starter) reads the cookie from the incoming request within the server actions it is used in, by using getAuthHeaders.
This can lead to situations where the first action a user is doing on a webpage after being idle for a while is interacting with something that initiates a server action, which reads the (outdated) _medusa_jwt cookie, causing the request to fail/be unauthenticated.
I understand that this repository is a starter, but I would love to hear your thoughts. Happy to provide a solution here too if you're interested, as I think we can simply read the JWT from the cookie, decode it, validate the exp field and refresh the token, then call setMedusaToken before resolving getAuthHeaders. This would ensure the cookie is always up to date before continuing.
[Edit] I created a PR with a potential solution, let me know what you think! (#530) As mentioned in the PR, I'm happy to push it over the finish line if you're interested in adding this to the starter.