Front end Auth checkup #463
Comments
|
Some updates. I think that part of this ticket #455 is related to an auth issue. It might be because I had the tab open for a really long time. the i think this has to do with when the cookies are reset, it sets for that specific path in the dom, which could be a number of paths in the application. thus cookies with duplicate keys, and then the timestamp is expired for the refresh token when the browser tab is open for more than a day. I still think that we should also build a setTimeout to check for inactivity, but this is a brand new feature, whereas setting an explicit path should fix this bug. The weirdest part is the partcipant search seems to the buggiest path, maybe bc of the query params idk... |
|
|
|
verify fails, refresh goes fine, but then second verify made to endpoint without Just adding notes here for context. |
|
I added this recently @crsmyz |
|
Got my local updated and working, currently checking on the initial token generation |
|
It
According to the code it looks like the verifyToken() is called in authEndpoints.js along with the refreshAuthLogic() inside of the refreshAuthLogic.js causing the dup call that fails. |
|
Line 12 in refreshAuthLogic.js failedRequest.response.config.url === "/api/token/verify/" The config.url doesn't necessarily matchup to the desired endpoint call preventing the token property from ever getting assigned in some situations. |
Last time I looked at this, I believe some of the values were undefined. I think we should reassess how we are using the tokens, and log out after inactivity?
If a user is using the app consistently over time, then we can use the access and refresh tokens. but if the user goes inactive, the should be definitively logged out
I'll update if the undefined part bears Fruit after an inquiry
The text was updated successfully, but these errors were encountered: