-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: fix logic for retrying 401s with silent re-auth #471
Conversation
fce83a8
to
6eeeaac
Compare
|
||
return new ApolloClient({ | ||
connectToDevTools: process.browser, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apollo dev tools wasn't working for me anymore until I removed this. It automatically enables only for non-production, so it should be fine.
} else { | ||
logger.error(`Error while running getDataFromTree: ${error}`); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Essentially this same code was just moved to initApollo.js
, where the browser redirect is happening, so that all of the logic is in one place (and because this catch was no longer being hit).
return ( | ||
<ButtonBase | ||
disableRipple | ||
className={classNames(variantButton, { [activeVariant]: isActive }, { [soldOutVariant]: variantInventoryStatus && variantInventoryStatus.type === "SOLD_OUT" })} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this change meant to be in this PR? Seems out of place with the rest of the changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not related, but it was an eslint warning so I fixed it
@aldeed I updated the snyk expiration date check here to fix that testing issue, at least until 2019-01-31. This looks pretty good, just had one question (above), but either way you answer that question it is still good to merge, just want to make sure you want that change here. |
Resolves #470
Impact: minor
Type: bugfix
Issue
Due to GraphQL server update to Apollo Server 2.0 as well as subsequent changes in starterkit, the earlier work to silently re-authenticate when a 401 error is detected stopped working.
Solution
Revamped how we're doing it to be more foolproof.
Breaking changes
None
Testing
I recommend testing against reactioncommerce/reaction#4894 or the re-auth from browser will not work.
There are two ways this token refreshing is supposed to work, both of which need to be tested. The setup is the same for both:
- ACCESS_TOKEN_LIFESPAN=1m
in theenvironment
section of reaction-hydra project'sdocker-compose.yml
file.dc down
anddc up -d
reaction-hydraThis will force auth tokens to expire after only 1 minute, making it faster to test this.
Test silent re-auth in browser
graphql-alpha
request in the browser network log, then keep clicking until you do.Test silent re-auth from NextJS server