When Auth Server is unavailable, browser can access protected routes
markwt-waymark opened this issue · 1 comments
markwt-waymark commented
If I run the following code when the identity server is running it functions as expected; I am asked to login when attempting to access the protected dashboard route.
However, if the identity server is not running, there is no error in the console and the browser simply allows the client to access the protected route.
Am I doing something wrong here or is this a bug?
Thanks
const oidcConfig = {
onSignIn: async (user: User | null) => {
alert('You just signed in, congratz! Check out the console!');
console.log(user);
window.location.hash = '';
},
authority: process.env.REACT_APP_IDENTITY_AUTH_URL,
clientId: process.env.REACT_APP_IDENTITY_CLIENT_ID,
responseType: 'code',
redirectUri: process.env.REACT_APP_IDENTITY_REDIRECT_URL,
silentRedirectUri: process.env.REACT_APP_IDENTITY_SILENT_REDIRECT_URL,
postLogoutRedirectUri: process.env.REACT_APP_IDENTITY_LOGOFF_REDIRECT_URL,
scope: process.env.REACT_APP_IDENTITY_SCOPE
};
const router = createBrowserRouter([
{
path: "/",
element: <Home />,
},
{
path: "/dashboard",
element:
<AuthProvider {...oidcConfig}>
<Dashboard />
</AuthProvider>
}
]);
function App() {
return (
<React.StrictMode>
<RouterProvider router={router} />
</React.StrictMode>
);
}