Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wip(auth): Get fresh token before making request #1577

Closed
wants to merge 2 commits into from
Closed

wip(auth): Get fresh token before making request #1577

wants to merge 2 commits into from

Conversation

dac09
Copy link
Contributor

@dac09 dac09 commented Dec 11, 2020
edited
Loading

Starts fix for #1576

  • Use fresh token for getCurrentUser
  • Use fresh token for other graphql requests
  • Add a way to watch for token changes from client
  • Verify and test this

@github-actions
Copy link

github-actions bot commented Dec 11, 2020
edited
Loading

📦 Packages for this PR can be downloaded from
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/create-redwood-app-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-api-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-api-server-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-auth-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-cli-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-core-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-dev-server-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-eslint-config-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-eslint-plugin-redwood-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-forms-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-internal-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-router-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-structure-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-testing-0.21.0-9cb74f0.tgz
https://rw-pr-redwoodjs-com.s3.amazonaws.com/1577/redwoodjs-web-0.21.0-9cb74f0.tgz

Install this PR by running yarn rw upgrade --pr 1577:0.21.0-9cb74f0

@dac09 dac09 requested a review from peterp December 11, 2020 11:14
@dthyresson dthyresson linked an issue Dec 11, 2020 that may be closed by this pull request
AuthProvider holds on to expired token until page refresh #1576
Closed
This was linked to issues Dec 11, 2020
refresh auth tokens when they're invalidated #738
Closed
Unable to refresh Auth token once RedwoodProvider is mounted. #927
Closed
@peterp
Copy link
Contributor

peterp commented Dec 16, 2020

I'm a bit cautious of this approach, since it changes a bunch of assumptions and I'm not fully grokking the consequences of that.

Backing up a bit. I think the root cause for this problem is that we're not dynamically requesting the auth token on each request.

This is solvable in Apollo by using an http auth-link (pseudo-code):

import { AuthContext } from '@redwoodjs/auth'

const authLink = setContext((_, { headers }) => {
  // get the authentication token
  const { token } = AuthContext._currentValue

  // return the headers to the context so httpLink can read them
  return {
    headers: {
      ...headers,
      authorization: token ? `Bearer ${token}` : "",
    }
  }
});

@viperfx
Copy link
Contributor

viperfx commented Dec 22, 2020

My redwood app is still pre-production, but I face this almost on a daily basis during development. Token expires and all subsequent navigation inside redwood gives a 500 status from the API. (I am using Firebase as well).

Would the above suggestion with auth-link be implemented on global level in redwood or on an auth provider level?

@peterp
Copy link
Contributor

peterp commented Jan 7, 2021

@viperfx We'll solve this for everyone.

@dac09
Copy link
Contributor Author

dac09 commented Jan 7, 2021

Closing this, new solution on the way.

@dac09 dac09 closed this Jan 7, 2021
@doesnotexist doesnotexist mentioned this pull request Oct 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peterp peterp Awaiting requested review from peterp

Assignees
No one assigned
Labels
topic/auth
Projects
None yet
Milestone
No milestone
4 participants
@dac09 @peterp @viperfx @dthyresson