Azure / api-management-developer-portal

Developer portal provided by the Azure API Management service.
MIT License

If the user's login times out on the API details page, the loading animation will just spin when they select a different operation #883

Open VWACBrick opened 4 years ago

VWACBrick commented 4 years ago

Bug description

When the user is on the API details page for a long period of time with no interaction, and they change the operation context, the user will see the loading animation as if it's hung. It appears their authentication has expired.


Reproduction steps

Our APIs are configured with Products that require the user to be logged in.

  1. Signing in through AAD (the only auth path we are currently using)
  2. Go to the API Details page
  3. Select an API Operation
  4. Don't touch the page for ~30 mins (or delete the accessToken from the session; see below)
  5. Select a different operation on the API

In the JS console you can see this along with the loading animation being stuck:

theme.js:134964 Uncaught (in promise) Error: Unauthorized request.
    at MapiClient.createMapiError (theme.js:139496)
    at MapiClient. (theme.js:139482)
    at Generator.next ()
    at theme.js:139336
    at new Promise ()
    at __awaiter (theme.js:139332)
    at MapiClient.handleError (theme.js:139467)
    at MapiClient. (theme.js:139462)
    at Generator.next ()
    at theme.js:139336

Expected behavior

It should present the message to re-log in or something instead of the spinning animation.

Is your portal managed or self-hosted?

Self-hosted

Release tag or commit SHA (if using self-hosted version)

2.4.3 release of APIM UI

Environment

Note: If you don't want to wait 30 mins for it to time out, you can delete this in the session

azaslonov commented 4 years ago

Thanks @VWACBrick, we'll fix this.

VWACBrick commented 4 years ago

Adjustment to our repro:

The SAS token expiration is about an hour out, not 30 mins.

Instead of removing the accessToken, we just altered the time back 2 hours to simulate the problem faster. In this example, we changed the time hack 20209041735 -> 20209041535 to move it back two hours.

We noticed in the mapiClient.ts error 401 handling, there is only a code path for BasicAuth, and not AAD.
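
An added example, not part of the thread and not the portal's own code: one way a client could handle an expired token or a 401 identically for every sign-in scheme while always clearing the loading state. The function names, the injected `send`, `session` and `ui` objects, and the `SharedAccessSignature <id>&<yyyyMMddHHmm>&<sig>` token layout are assumptions.

```javascript
// Added example: all names are hypothetical, not the portal's own code.
const SIGN_IN_PATH = "/signin"; // route named in the thread

// Assumed token shape: "SharedAccessSignature <id>&<yyyyMMddHHmm>&<sig>", expiry in UTC.
function sasExpiry(token) {
  const m = /^SharedAccessSignature [^&]+&(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})&/.exec(token || "");
  return m ? Date.UTC(+m[1], m[2] - 1, +m[3], +m[4], +m[5]) : null;
}

// Drop the stored token and send the user to sign-in, whatever scheme issued it.
function requireSignIn(session, ui, message) {
  session.removeItem("accessToken");
  ui.notify(message);
  ui.navigate(SIGN_IN_PATH);
  return { ok: false, reason: "unauthorized" };
}

// send(request, token) is an injected transport returning a promise of { status, body }.
async function loadOperation(send, session, ui, request, now = Date.now()) {
  ui.setLoading(true);
  try {
    const token = session.getItem("accessToken");
    const expiry = sasExpiry(token);
    if (expiry !== null && expiry <= now) {
      // Locally detectable expiry: do not send the stale token at all.
      return requireSignIn(session, ui, "Your session has expired. Please sign in again.");
    }
    const res = await send(request, token);
    if (res.status === 401) {
      // Server-side rejection: same path for Basic, AAD or guest callers.
      return requireSignIn(session, ui, "Please sign in to view this operation.");
    }
    return { ok: true, body: res.body };
  } finally {
    ui.setLoading(false); // the spinner is cleared on every path, including throws
  }
}
```
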

frankdewaelle commented 2 years ago

Was this issue solved? I seem to experience similar things...


frankdewaelle commented 2 years ago

[image: 401_2]

azaslonov commented 2 years ago

Now, if the token has expired, a user sees the message and gets redirected to the /signin page. If this doesn't happen right now, probably the portal hasn't been published in a while. Can you please confirm that?

frankdewaelle commented 2 years ago

This is all happening with "guest" access (unauthenticated).

Kind regards, Frank.

On Wed, 16 Feb 2022 at 23:30, Alexander Zaslonov wrote:

> Now, if the token has expired, a user sees the message and gets redirected to the /signin page. If this doesn't happen right now, probably the portal hasn't been published in a while. Can you please confirm that?


frankdewaelle commented 2 years ago

You are right (of course). When I log in, the 401 goes away, but the "pending" stays => still slow.

cu, Frank.