You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The environment variable SECRET_KEY_BASE has recently been updated on auth-mvp to be able to have the email feature working.
This environment variable is also used to create and verify the jwt used for users authentication.
I'm wondering if this "Access not authorised" is due to this change.
I'll try to reproduce this error using the heroku application
With the latest PR merged #46 this issue is avoid as when the user is not logged in the application will redirect to the login page, however when the user is loggedin the login page redirect to the capture page.
We saw that when the page return unauthrorised we can just refresh the page to make it work again. It's what the capture -> login -> capture flow is doing.
It is not really a long term fix but I think this will be resolved as soon as the dyno plan on heroku is upgraded.
edit:
In fact this should not happen. If the API returned unauthorized, this means that the jwt is not valid anymore. We still need to redirect to the login page, however we first need to update the session model of the application and make sure to logout and set the session as guest
Was signed in with Google and tracking an
![image](https://user-images.githubusercontent.com/194400/77953919-c1934780-72c5-11ea-81f4-f181a52fe00d.png)
item
.Decided to add a new
item
but got the "Access not authorised" error:The text was updated successfully, but these errors were encountered: