Login not handled properly when `userdata.expired` and `autoSignIn: false`.
cimak opened this issue · 2 comments
cimak commented
I am using autoSignIn: false
and I have an expired user (auth.userData.expired === true
). If I now call auth.signIn()
, I will be redirected to an authentication provider and then go back to my app with code/state in the URL.
The problem is that auth.userData
is not being updated - I am still getting an old, expired user.
Please take a look at src/AuthContext.tsx:126
- this is the only usage of hasCodeInUrl()
:
/**
* Check if the user is returning back from OIDC.
*/
if (!user && hasCodeInUrl(location)) {
const user = (await userManager.signinCallback()) || null;
setUserData(user);
setIsLoading(false);
onSignIn && onSignIn(user);
return;
}
So, if there is a code in the URL after the redirect, but at the same time user.expired === true
, there will be no user data update.
jamesdh commented
This should be as simple as doing the following:
if ((!user || user.expired) && hasCodeInUrl(location)) {