Trigger a refresh for the getUser method #274
Comments
@Tazaf Looking at the code,
Thanks |
I am having the same issue as @Tazaf. A Rule adds Auth0 Core Roles to my user at login.
Programmatically I am adding new roles to the user. In my SPA calling Am I doing something incorrectly? |
@patricknee If you inspect the returned token after the call to
This will give us a clue as to where the problem lies. |
Hi, @stevehobbsdev
The claim is being added to the ID Token. Here's the rule code:

```js
function addUserAppMetadataToIdToken(user, context, callback) {
  const namespace = configuration.hubble_api_namespace;
  context.idToken[ `${namespace}/app_metadata` ] = user.app_metadata;
  callback(null, user, context);
}
```

Yep, that behavior is confirmed. The call to the Management API does indeed update the profile, since the workflow works as expected upon app reload.
I... have to admit I have no idea what's an HAR file 😞 Anyway, I'll try ASAP what you asked @patricknee and come back with the results |
Thanks @Tazaf. Bear in mind that Just wanted to mention that in my own testing, these scenarios work. So I have a custom rule which applies a custom claim to my access token (or ID token, both work). I turn it off and call There are a few points of failure here in both of your cases so it would be good to nail down where, but right now it looks like the SDK itself is doing the right thing. Please get back to me with confirmation of the above though, and I can investigate further. |
I am trying to rebuild a simple app replicating (or resolving) the problem. I have forked the repository: https://github.com/auth0-samples/auth0-angular-samples.git to: https://github.com/patricknee/auth0-angular-samples.git The premise of the test is I will add a role to my user via the Auth0 Dashboard (in my application this occurs via the Management API), then push "Update Profile" button and see whether I can force an update, after which the decoded token should have the new role. In my fork I have made the following changes:
My Auth0 Rule to add the roles to the idToken and accessToken is the following:
I am having difficulty with: With line 27, the code works, but of course the token comes from the cache. With line 26, the call to getTokenSilently$ doesn't work, returning an error "consent_required". (I have been working with Auth0 for ~2 years and I either haven't seen this or don't recall how to resolve this error) This line 26 is blocking fully replicating the issue I'm having. |
Just to confirm, this is the block of code you're referring to with the line numbers?

```ts
async updateProfile() {
  try {
    this.token = await this.auth.getTokenSilently$({ignoreCache: true}).toPromise();
    // line 26: this.token = await this.auth.getTokenSilently$().toPromise();
    this.decodedToken = this.jwtHelper.decodeToken(this.token);
  } catch (e) {
    alert( JSON.stringify(e));
  }
}
```

I see on line 25 you're ignoring the cache there, so this should fetch the token from the server.
You can get this when something has changed in the scopes you're requesting from the authz server compared to the last time you logged in. To fix it, you need to go through an interactive login flow first, before authenticating silently (Auth0 will then ask you to confirm the permissions you're asking for). |
Steve, Looks like my line numbers were off by one. Maybe I deleted something before commit. The ignoreCache call is triggering consent_required, but given that I logged in the application immediately before calling getTokenSilently$, it isn't clear where scopes are changing... Are you seeing this error with the getTokenSilently({ignoreCache: true}) line? Patrick |
From the logs, the failed call to Failed Silent Auth Log:
Decoded Token after successful login:
|
I am temporarily working around this problem by reloading the entire SPA, which correctly picks up the updated state (added roles, in my case) from Auth0 without forcing a new login. However, I'm still unable to get this basic call working in the basic example application. Any idea why it is not working? |
Sounds like you've found something that will get you moving for now. I haven't had a chance to dive into this too deeply yet; I'm a little challenged for time today, but I hope to get a look at this tomorrow for you. |
@patricknee I'm trying to replicate your issue, and I have uncovered a bug - which might be related - relating to specifying options to To rule it out in case this is affecting you, could you please manually specify the

```js
await getTokenSilently({ ignoreCache: true, audience: '<your audience here>' })
```

This will be fixed anyway but would be good to try it out in your case. |
@patricknee @Tazaf Any luck trying out my suggestion above? |
Thanks for the heads up. I've been caught up with other tasks lately. I'm trying this thread's suggestions right now. I'll come back when I have some results. |
I've got a question, though. There's no This is the snippet I'm executing after having updated the user's profile on Auth0 (note that I use the

```ts
this.auth.auth0Client$.subscribe(async client => {
  console.log((await client.getIdTokenClaims()).__raw);
});
```

This prints out the encoded token which, when decoded through the https://jwt.io/ tool, contains the deprecated values ( Do I have to call |
@Tazaf Yes you're right. Right now, if you want to refresh the ID token you would have to call Not saying that's entirely ideal or obvious, but what we're discussing here is a potential new use-case and we could make this easier for you in the future, depending on the outcome of this issue. What I'm interested in is if you can call |
This would be super useful for me too. Refreshing the access token using |
I have the same issue and getTokenSilently({ignoreCache: true}) doesn't work with 3rd party identity providers such as Google OAuth so recommended approach doesn't work in such scenarios. There is already a bug report for that where it is mentioned that it is not considered a bug but I think it is at least a design flaw in JS SDK. (I am using Angular SDK) |
Can you elaborate on what you're seeing? It does work with third-party providers, but under certain circumstances:
|
@stevehobbsdev Sorry for my misunderstanding. It actually worked when I used my own Google developer credentials. |
Closing this for now due to lack of activity. Feel free to continue the discussion if you are still having issues. |
Having the same problem - the only way to force refresh on user data is to reload the page. Please consider adding method |
@prostakov using Are you experiencing issues when trying to use |
Ohhh, I see it. Sorry, should have caught up on the entire thread. Yes, A bit counter-intuitive though :) Thanks! |
Describe the problem you'd like to have solved

After users first logged into my app, they must complete their profile with some information. On Auth0, upon signup, I initialize every account with an `app_metadata` named `complete` with a value of `false`.

When a user completes their profile, the backend that receives this completed profile sends a request to the Auth0 Management API to change this `app_metadata.complete` value from `false` to `true`.

But the front end is not aware of this update, since it's happening behind its back.

I tried making a method that calls `getTokenSilently` and ignoring the cache, in order to get the latest version of my user's tokens, then calling the `getUser` method to retrieve the user's profile from the tokens.

Except that the profile is still the old one, with the `complete: false` value.

Describe the ideal solution

I need a way to somehow trigger a refresh of the currently logged in user info.
Something along the line of `getTokenSilently({ ignoreCache: true})`, but for the decoded user profile (e.g. `getUser({ ignoreCache: true })` or `getUser({ forceRefresh: true })`).

Alternatives and current work-arounds

The workaround I have now, is when the backend finishes updating the user account on Auth0, the front end calls the `login` method of the `AuthService`. That restarts a complete login process, but since my user already logged in before, it behaves like an SSO login, and the app is simply reloaded.

That works... but I'd like to avoid this full reload for a more streamlined user experience.
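
The refresh-then-read sequence discussed in this thread, as an added example that is not part of the issue or the SDK's own code: it decodes the `__raw` ID token before and after `getTokenSilently({ ignoreCache: true })` to show whether a namespaced `app_metadata` claim actually changed. The stub client, `mintToken`, `demo`, the claim URL and the unsigned token are constructed so the block runs offline in Node; only the two client method names and `__raw` come from the thread.

```javascript
// Constructed claim name; the thread's rule writes `${namespace}/app_metadata`.
const CLAIM = 'https://example.test/app_metadata';

// Decode (not verify) the payload of a compact JWT such as `__raw`.
// Diagnostic only: no signature check, so never base authorization on it.
function decodeJwtPayload(rawJwt) {
  const parts = String(rawJwt).split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Read the claim, force a token round trip, then read the claim again.
async function refreshAndReadClaim(client, claimName) {
  const read = async () =>
    decodeJwtPayload((await client.getIdTokenClaims()).__raw)[claimName];
  const before = await read();
  await client.getTokenSilently({ ignoreCache: true });
  const after = await read();
  return { before, after, changed: JSON.stringify(before) !== JSON.stringify(after) };
}

// Constructed stand-in for the tenant: issues an unsigned token from current state.
function mintToken(appMetadata) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'none' }), enc({ sub: 'user|1', [CLAIM]: appMetadata }), 'sig'].join('.');
}

// Constructed stand-in for the SDK client: serves a cached token unless told not to.
function makeStubClient(server) {
  let cached = mintToken(server.appMetadata); // token issued at login
  return {
    async getTokenSilently(opts = {}) {
      if (opts.ignoreCache) cached = mintToken(server.appMetadata);
      return cached;
    },
    async getIdTokenClaims() { return { __raw: cached }; },
  };
}

// The scenario from the issue: the backend flips `complete` after login.
async function demo() {
  const server = { appMetadata: { complete: false } };
  const client = makeStubClient(server);
  server.appMetadata = { complete: true }; // Management API update, behind the SPA's back
  return refreshAndReadClaim(client, CLAIM);
}

demo().then((r) => console.log(r));
```

Against a real client, a `changed: false` result after the backend update means the new value never reached the ID token, which points at the rule or the Management API call rather than at the SDK cache.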