bjerkio/oidc-react

Login not handled properly when `userdata.expired` and `autoSignIn: false`.

cimak opened this issue · 2 comments

cimak commented

I am using `autoSignIn: false` and I have an expired user (`auth.userData.expired === true`). If I now call `auth.signIn()`, I will be redirected to an authentication provider and then go back to my app with code/state in the URL.

The problem is that `auth.userData` is not being updated - I am still getting an old, expired user.

Please take a look at `src/AuthContext.tsx:126` - this is the only usage of `hasCodeInUrl()`:

```ts
/**
 * Check if the user is returning back from OIDC.
 */
if (!user && hasCodeInUrl(location)) {
    const user = (await userManager.signinCallback()) || null;
    setUserData(user);
    setIsLoading(false);
    onSignIn && onSignIn(user);
    return;
}
```

So, if there is a code in the URL after the redirect, but at the same time `user.expired === true`, there will be no user data update.

@cimak thanks for pointing this out! I'll try and get a fix in today.

This should be as simple as doing the following:

```ts
if ((!user || user.expired) && hasCodeInUrl(location)) {
```
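
The two guards from this thread compared over the same start-up states, as an added example that is not part of the issue or of oidc-react's source. The `hasCodeInUrl` stand-in, the synchronous `signinCallback` stub, the `initialise` and `compare` helpers, the fall-through behaviour and all sample users and URLs are assumptions constructed for the illustration.

```javascript
// Added illustration, not oidc-react source. Everything except the two guard
// expressions quoted in the thread is a constructed stand-in.

// Stand-in for the project's hasCodeInUrl(): true when the query string
// carries an authorization code.
function hasCodeInUrl(location) {
  return new URLSearchParams(location.search).has('code');
}

// Guard at src/AuthContext.tsx:126 as quoted in the issue.
const originalGuard = (user, location) => !user && hasCodeInUrl(location);
// Guard proposed in the reply.
const proposedGuard = (user, location) =>
  (!user || user.expired) && hasCodeInUrl(location);

// Models start-up with autoSignIn: false. signinCallback is a synchronous
// stub (the real userManager.signinCallback() returns a promise).
function initialise(guard, storedUser, location, signinCallback) {
  if (guard(storedUser, location)) {
    return { userData: signinCallback() || null, callbackProcessed: true };
  }
  // Assumed fall-through: the stored user is kept unchanged.
  return { userData: storedUser, callbackProcessed: false };
}

// Constructed sample data.
const expiredUser = { id: 'old-session', expired: true };
const validUser = { id: 'live-session', expired: false };
const freshUser = { id: 'new-session', expired: false };
const callbackUrl = { search: '?code=SAMPLE_CODE&state=SAMPLE_STATE' };
const plainUrl = { search: '' };

// Runs both guards against the same stored user and location.
function compare(storedUser, location) {
  const run = (guard) => initialise(guard, storedUser, location, () => freshUser);
  return { original: run(originalGuard), proposed: run(proposedGuard) };
}

const cases = {
  'expired user, returning with code': compare(expiredUser, callbackUrl),
  'no user, returning with code': compare(null, callbackUrl),
  'valid user, returning with code': compare(validUser, callbackUrl),
  'expired user, no code': compare(expiredUser, plainUrl),
};
for (const [name, r] of Object.entries(cases)) {
  console.log(name, '| original:', r.original.userData?.id ?? null,
    '| proposed:', r.proposed.userData?.id ?? null);
}
```

Only the first case differs between the two guards: the original leaves the expired session in place and never consumes the returned code, while the proposed guard processes the callback and replaces the user.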