vickychijwani/ghost_api_auth.js

## ghost_api_auth.js
var accessToken;
var refreshToken;
var accessTokenCreatedAt;
var refreshTokenExpiresIn = 24 * 60 * 60;   // taken from ghost core

function hasAccessTokenExpired() {
  // consider the token as "expired" 5 minutes earlier, to be safe
  return new Date().getTime() > accessTokenCreatedAt + authToken.expires_in - 300;
}

function hasRefreshTokenExpired() {
  // consider the token as "expired" 5 minutes earlier, to be safe
  return new Date().getTime() > accessTokenCreatedAt + refreshTokenExpiresIn - 300;
}

function validateAccessToken(callback) {
  boolean valid = ! hasAccessTokenExpired();
  if (! valid) {
    refreshAccessToken(callback);
  }
  return valid;
}

function refreshAccessToken(callback) {
  if (hasRefreshTokenExpired()) {
    loginWithCredentials(callback);
  }

  // refresh the access token, and note that we call callback() once the token is refreshed
  $.ajax({
    type: 'POST',
    url: API_BASE + '/authentication/token',
    data: {
      grant_type: 'refresh_token',
      client_id: 'ghost-admin',
      refresh_token: refreshToken
    },
    success: function (response) {
      accessToken = response.access_token;
      accessTokenCreatedAt = new Date().getTime();
      callback();   // initiate the original API request that was deferred
    },
    error: function () {
      // handle error
    }
  });
}

function loginWithCredentials(callback) {
  // generate a new access / refresh token pair using username / password, similar to refreshAccessToken
  // make sure to call callback() when login is successfully done, to ensure the deferred API request is made eventually
}

// Now here's the clever part...
function fetchAllPosts(callback) {
  // passing the callback to validateAccessToken effectively "defers" the intended API request
  if (! validateAccessToken(function () { fetchAllPosts(callback); })) {
    return;
  }
  // your access token is valid, go ahead and make a request like GET /posts/
}
	var accessToken;
	var refreshToken;
	var accessTokenCreatedAt;
	var refreshTokenExpiresIn = 24 * 60 * 60; // taken from ghost core

	function hasAccessTokenExpired() {
	// consider the token as "expired" 5 minutes earlier, to be safe
	return new Date().getTime() > accessTokenCreatedAt + authToken.expires_in - 300;
	}

	function hasRefreshTokenExpired() {
	// consider the token as "expired" 5 minutes earlier, to be safe
	return new Date().getTime() > accessTokenCreatedAt + refreshTokenExpiresIn - 300;
	}

	function validateAccessToken(callback) {
	boolean valid = ! hasAccessTokenExpired();
	if (! valid) {
	refreshAccessToken(callback);
	}
	return valid;
	}

	function refreshAccessToken(callback) {
	if (hasRefreshTokenExpired()) {
	loginWithCredentials(callback);
	}

	// refresh the access token, and note that we call callback() once the token is refreshed
	$.ajax({
	type: 'POST',
	url: API_BASE + '/authentication/token',
	data: {
	grant_type: 'refresh_token',
	client_id: 'ghost-admin',
	refresh_token: refreshToken
	},
	success: function (response) {
	accessToken = response.access_token;
	accessTokenCreatedAt = new Date().getTime();
	callback(); // initiate the original API request that was deferred
	},
	error: function () {
	// handle error
	}
	});
	}

	function loginWithCredentials(callback) {
	// generate a new access / refresh token pair using username / password, similar to refreshAccessToken
	// make sure to call callback() when login is successfully done, to ensure the deferred API request is made eventually
	}

	// Now here's the clever part...
	function fetchAllPosts(callback) {
	// passing the callback to validateAccessToken effectively "defers" the intended API request
	if (! validateAccessToken(function () { fetchAllPosts(callback); })) {
	return;
	}
	// your access token is valid, go ahead and make a request like GET /posts/
	}