feat Renew access tokens on 401 errors using redirects to auth endpoint #399

Merged
merged 3 commits into from
Nov 9, 2018


impactmass
Contributor

@impactmass impactmass commented Oct 22, 2018

Resolves #350
Type: feature

Issue

Renew access tokens on 401 errors by redirecting to re-auth

Solution

  • On 401 errors, redirect to signin endpoint to perform auth and get new access token. Done on both the SSR and browser.

Breaking changes

None

Flash of "Not Found"

If going from product grid to a product's detail page and you have an expired token, the app first shows the Not Found component based on this line of code:

https://github.com/reactioncommerce/reaction-next-starterkit/blob/558d94be01491c26c708d8dea98d6e7528a29bdb/src/pages/product.js#L93

The Not Found page is shown while the redirect is happening. Once redirect flow completes, the product component is then displayed properly. I haven't found a way to fix this.

Testing

  1. Start Starterkit on this branch
  2. Run Hydra on master. Set this ENV in the docker-compose yaml before starting the service: ACCESS_TOKEN_LIFESPAN=1m. This will reduce the wait time. The tokens will expire in 60s.
  3. Load up a page. Log in (if you are not logged in before). Leave it for a while for the token to expire.
  4. After token expires, perform an action (e.g. click to view a product, or add a product to cart).
  5. Observe the browser/server console. If a 401 error occurred, confirm that a redirect to /signin starts, and the page is reloaded once the [re]auth is complete.

@impactmass impactmass changed the title WIP - feat Renew access tokens on 401 errors feat Renew access tokens on 401 errors Oct 22, 2018
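
The redirect decision described in the PR's Solution section, sketched as an added example; it is not code from this PR or from the starterkit. `/signin` is the endpoint named in the testing steps; the `redirect` query parameter and all function names are assumptions. It restricts the return target to same-origin paths and does not redirect again when the 401 occurs on the sign-in page itself.

```javascript
// Added example, not project code. SIGNIN_PATH is the /signin endpoint named in
// the PR; the "redirect" query parameter and the function names are assumptions.
const SIGNIN_PATH = "/signin";

// Accept only same-origin relative paths, so the post-login return target
// cannot point at another site (open redirect).
function safeReturnPath(path) {
  if (typeof path !== "string" || !path.startsWith("/")) return "/";
  // "//host" and "/\host" are treated by browsers as scheme-relative URLs.
  if (path.startsWith("//") || path.includes("\\")) return "/";
  // Control characters could split or corrupt the Location header.
  if (/[\u0000-\u001f]/.test(path)) return "/";
  return path;
}

// Returns the URL to send the user to, or null when no re-auth is needed.
function signinRedirectFor(status, currentPath) {
  if (status !== 401) return null;
  // A 401 on the sign-in page itself must not trigger another redirect (loop).
  const bare = typeof currentPath === "string" ? currentPath.split("?")[0] : "";
  if (bare === SIGNIN_PATH) return null;
  const returnTo = encodeURIComponent(safeReturnPath(currentPath));
  return `${SIGNIN_PATH}?redirect=${returnTo}`;
}

// Performs the redirect during SSR (a Node response is passed) or in the browser.
// Returns true when a redirect was issued.
function redirectOn401(status, currentPath, res) {
  const target = signinRedirectFor(status, currentPath);
  if (!target) return false;
  if (res) {
    res.writeHead(302, { Location: target });
    res.end();
  } else if (typeof window !== "undefined") {
    window.location.assign(target);
  }
  return true;
}
```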
@impactmass
Contributor Author

@aldeed see comment in PR description about flash of Not Found. Accessing the PDP doesn't necessarily require a token, but when the app sends an expired token, the API doesn't return data once it finds the token invalid.

I've tried to pass a value down to the PDP component to use as a check before showing the Not Found page.

@ticean
Member

ticean commented Oct 30, 2018

@aldeed could you take a look at this one when you get a chance? It implements an automatic redirect for a quick, secure solution to token expiry & refresh.

@impactmass
Contributor Author

Looks like other tasks have pushed this PR down on @aldeed's priority list.

But also FYI, I tested this now (after being back from my time off), and I'm discovering that some updates to the Reaction API app have left the OAuth IDP login in a broken state.

I'm writing up an issue for that.

@impactmass impactmass changed the title feat Renew access tokens on 401 errors feat Renew access tokens on 401 errors using redirects to auth endpoint Nov 9, 2018
@aldeed aldeed merged commit 5858087 into develop Nov 9, 2018
@aldeed aldeed deleted the feat-350-impactmass-token-refresh2 branch November 9, 2018 20:50
This was referenced Jan 15, 2019
@spencern spencern mentioned this pull request Jan 25, 2019
Successfully merging this pull request may close these issues.

Enable access token refreshing
3 participants