Auth not triggering when previous auth attempt was abandoned. #9
Comments
Thanks for the bug report. The storage key is needed to prevent an infinite loop of redirects when an expired user has been detected. I will look into this.
One option I am thinking about (which I cannot test at the moment due to an issue with my auth server) is to check the route when the app loads. If the route is not the callback route, I could clear that key from local storage, which should trigger auth again. If it is the callback route, it should work as usual. I'm not sure what, if any, side effects this may cause. Thanks for looking into this.
I have released v2.2.0-beta.1 with a fix for this issue. I've checked it with my example app and it works there. I hope it works for you too. Check the releases tab & wiki as well, there are a few changes that had to be made for this to work.
This change is working perfectly for me. Thank you for your quick response!
Happy to help!
Hi,
This is my scenario:
With triggerAuthFlow set to true, a user has expired or is not logged in at all. The middleware sets a key in local storage, oidc.expired: true. The user is then redirected to the login page; at this point the user decides they don't want to log in right now and closes their browser.
Later that day, perhaps, the user tries to go back to the application. They are not logged in, but the middleware bypasses the login process because the first if statement in this code evaluates to false. So my app is stuck (as far as the user is concerned) in an irrecoverable state.
I'm not sure how I can detect and prevent this scenario. I understand why oidc.expired is set to true (so that when you come back to the Callback route, it doesn't loop them back to authentication).
This library is working great for me otherwise. Thanks!
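
The stuck state described in this issue, and the startup check proposed in the comments, replayed as an added example; this is not the library's code or the released fix. Only the key name `oidc.expired` comes from the thread; the function names, the `/callback` path, the `expires_at` field and the in-memory storage stand-in are assumptions.

```javascript
// Added illustration, not the library's code. Only "oidc.expired" is from the thread.
const EXPIRED_KEY = 'oidc.expired';
const CALLBACK_PATH = '/callback'; // assumed callback route

// In-memory stand-in for window.localStorage so the example runs under Node.
function createMemoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}

// Behaviour as the issue describes it: trigger login only when the user is
// missing or expired AND the flag is not already set (the redirect-loop guard).
// user.expires_at (seconds) is an assumed field name.
function middlewareDecision(user, storage, nowSeconds) {
  const invalid = !user || user.expires_at <= nowSeconds;
  if (!invalid) return 'continue';
  if (storage.getItem(EXPIRED_KEY) === 'true') return 'skip-auth';
  storage.setItem(EXPIRED_KEY, 'true');
  return 'redirect-to-login';
}

// Proposed startup check: a flag found on any route other than the callback
// is left over from an abandoned attempt, so remove it. Returns true if cleared.
function clearStaleFlagOnLoad(pathname, storage) {
  // Compare the path only; ignore query string, fragment and trailing slash.
  const path = pathname.split(/[?#]/)[0].replace(/\/+$/, '') || '/';
  if (path === CALLBACK_PATH) return false; // callback keeps the loop guard
  if (storage.getItem(EXPIRED_KEY) === null) return false;
  storage.removeItem(EXPIRED_KEY);
  return true;
}

// Replays the scenario: first visit sets the flag, the user abandons the login
// page, then returns later. Returns the middleware decision on the return visit.
function replayAbandonedLogin(applyStartupCheck) {
  const storage = createMemoryStorage();
  middlewareDecision(null, storage, 1000); // first visit: flag set, redirect
  if (applyStartupCheck) clearStaleFlagOnLoad('/dashboard', storage);
  return middlewareDecision(null, storage, 2000);
}

console.log('without check:', replayAbandonedLogin(false));
console.log('with check:   ', replayAbandonedLogin(true));
```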