
Auth not triggering when previous auth attempt was abandoned. #9

Closed
jgleman opened this issue Sep 19, 2016 · 5 comments
Comments

@jgleman

jgleman commented Sep 19, 2016

Hi,

This is my scenario:

With triggerAuthFlow set to true, a user has expired or is not logged in at all. The middleware sets a key in local storage, oidc.expired: true. The user is then redirected to the login page; at this point the user decides they don't want to log in right now and closes their browser.

Later that day, perhaps, the user tries to go back to the application. They are not logged in, but the middleware bypasses the login process because the first if statement in this code evaluates to false. So my app is stuck (as far as the user is concerned) in an irrecoverable state.

```javascript
// the middleware (storedUser, userManager, triggerAuthFlow, STORAGE_KEY and the
// two callbacks come from the enclosing scope, which is not shown here)
  return (store) => (next) => (action) => {
    if (shouldValidate(store.getState(), action) && !localStorage.getItem(STORAGE_KEY)) {
      // IF: validation should occur and no auth attempt is flagged in storage...
      if (!storedUser || storedUser.expired) {
        // IF: user hasn't been found or is expired...
        localStorage.setItem(STORAGE_KEY, true);
        userManager.getUser()
          .then((user) => getUserSuccessCallback(next, userManager, user, triggerAuthFlow, action))
          .catch(getUserErrorCallback);
      } else {
        // ELSE: user has been found and is NOT expired...
        return next(action);
      }
    } else {
      // ELSE: validation should NOT occur (or the storage key is already set)...
      return next(action);
    }
  }
```

I'm not sure how I can detect and prevent this scenario. I understand why oidc.expired is set to true (so that when you come back to the Callback route, it doesn't loop them back to authentication).

This library is working great for me otherwise. Thanks!

@maxmantz
Owner

Thanks for the bug report.

The storage key is needed to prevent an infinite loop of redirects when an expired user has been detected. I will look into this.

@maxmantz maxmantz added the bug label Sep 19, 2016
@jgleman
Author

jgleman commented Sep 19, 2016

One option I am thinking about (which I cannot test at the moment due to an issue with my auth server) is to check the route when the app loads. If the route is not the callback route, I could clear that key from local storage, which should trigger auth again. If it is the callback route it should work as usual. I'm not sure what, if any, side effects this may cause. Thanks for looking into this.
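The stuck state from the opening post and the clear-the-flag-on-load idea from the comment above, as an added example that is not code from the thread's authors or from the library itself. Storage, routes and the user lookup are constructed stand-ins, and the real middleware's promise-based getUser() is reduced to a synchronous storedUser argument so the two page loads can be run back to back.

```javascript
// Synchronous model of the quoted middleware with in-memory stand-ins (added example).
const STORAGE_KEY = 'oidc.expired';   // key name as described in the issue
const CALLBACK_ROUTE = '/callback';   // assumed path of the callback route

// Constructed stand-in for window.localStorage (survives across "page loads").
function createStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => items.set(k, String(v)),
    removeItem: (k) => items.delete(k),
  };
}

// One page load. `storedUser` stands in for userManager.getUser(): null when there is
// no user, { expired: true } for an expired session. Returns what the middleware did.
function pageLoad({ storage, storedUser, route, clearStaleFlag }) {
  const events = [];
  // Idea from the follow-up comment: outside the callback route a leftover flag can
  // only come from an abandoned attempt, so drop it before the expiry check runs.
  if (clearStaleFlag && route !== CALLBACK_ROUTE && storage.getItem(STORAGE_KEY)) {
    storage.removeItem(STORAGE_KEY);
    events.push('cleared-stale-flag');
  }
  if (!storage.getItem(STORAGE_KEY) && (!storedUser || storedUser.expired)) {
    storage.setItem(STORAGE_KEY, true);   // same as the original: flag, then auth flow
    events.push('redirect-to-login');
    return events;
  }
  events.push('next(action)');          // flag already set, or a valid user
  return events;
}

// The scenario from the issue: sent to login, browser closed, back later with no user.
function abandonedAuthScenario(clearStaleFlag) {
  const storage = createStorage();
  const first = pageLoad({ storage, storedUser: null, route: '/app', clearStaleFlag });
  // Browser closed here; localStorage survives, so the flag is still set.
  const second = pageLoad({ storage, storedUser: null, route: '/app', clearStaleFlag });
  return { first, second, flagStillSet: storage.getItem(STORAGE_KEY) !== null };
}

// Callback route with the flag set must still pass through (no redirect loop).
function callbackLoad(clearStaleFlag) {
  const storage = createStorage();
  storage.setItem(STORAGE_KEY, true);
  return pageLoad({ storage, storedUser: null, route: CALLBACK_ROUTE, clearStaleFlag });
}
```

Without the clearing step the second load passes the action through with no user at all, which is the irrecoverable state described; with it, the second load triggers auth again while the callback route keeps its loop guard.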

@maxmantz
Owner

maxmantz commented Sep 19, 2016

I have released v2.2.0-beta.1 with a fix for this issue. I've checked it with my example app and it works there. I hope it works for you too. Check the releases tab & wiki as well; there are a few changes that had to be made for this to work.

@jgleman
Author

jgleman commented Sep 20, 2016

This change is working perfectly for me. Thank you for your quick response!

@jgleman jgleman closed this as completed Sep 20, 2016
@maxmantz
Owner

Happy to help!
