Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

user is not updated after getAccessTokenSilently({ignoreCache: true}) #109

Closed
type opened this issue Sep 4, 2020 · 5 comments · Fixed by #146
Closed

user is not updated after getAccessTokenSilently({ignoreCache: true}) #109

type opened this issue Sep 4, 2020 · 5 comments · Fixed by #146
Assignees
@adamjmcgrath
Labels
bug Something isn't working

Comments

@type
Copy link

type commented Sep 4, 2020
edited
Loading

Describe the problem

When you refresh the access token and ignore the cache, there are potentially new claims on the user object. However, the user object is stale and there is no way to update it. auth0/auth0-spa-js#274 explains the issue and has a solution: you can call getUser() after you refresh the token. But we have no way to call getUser().

Right now, to get around this, you must hard-refresh the page.

Exposing the getUser function from the auth0-spa-js client would solve this.

What was the expected behavior?

The user object should have all the claims of the new token.

Reproduction

Create a rule in auth0 that sets a property e.g.

function (user, context, callback) {
  user.app_metadata = user.app_metadata || {};

if (user.app_metadata.mything) {
   context.idToken['https://myapp.com/mything'] = true;
   context.accessToken['https://myapp.com/mything'] = true;
}
  callback(null, user, context);
}

Periodically call getAccessTokenSilently({ignoreCache: true}) without refreshing/reloading the page. Observe the user from useAuth0(). It will not have the claim. Refreshing the page will populate the user with the claim.

Environment

Version: 1.0.0
Browsers: Chrome
@adamjmcgrath
Copy link
Contributor

Hi @type - thanks for raising this

We're aware of this limitation and have an item in the backlog to address it and a branch that I'll be raising a PR for in a couple of weeks (I'm away next week)

In the meantime getIdTokenClaims should provide you with the updated user claims.

@adamjmcgrath adamjmcgrath self-assigned this Sep 4, 2020
@adamjmcgrath adamjmcgrath added the bug Something isn't working label Sep 4, 2020
@type
Copy link
Author

type commented Sep 4, 2020

Great to hear that @adamjmcgrath ! I had started on a solution with getIdTokenClaims so I'll continue down that road for now.

@alex-zwingli
Copy link

Thanks, @adamjmcgrath! It's much more elegant to update the user object. I'm excited for this PR to go through.

@alex-zwingli
Copy link

@adamjmcgrath Any updates on when these changes will be implemented?

@adamjmcgrath
Copy link
Contributor

@alex-zwingli - it's on our backlog, I can't give you a specific date yet, but I'll update this post when I've raised a PR

This was referenced Oct 22, 2020
Closed
Closed
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adamjmcgrath adamjmcgrath

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[SDK-1938] Update the user/isAuthenticated state after getting a token auth0/auth0-react
3 participants
@type @adamjmcgrath @alex-zwingli