Closed JackDevAU closed 1 month ago
Update: I've tried to add the function to refresh token, but I cannot reproduce the bug to test currently.
Update: The Rules Functions use auth0's id_token for authentication.
I tested the issue locally with my own auth0 account. After enabling refresh token and waiting for the original id_token to expire, I successfully obtained a new id_token using the /oauth/token API. With this new token, I was able to call the Reactions API successfully.
However, there is a potential issue with this approach. The /oauth/token API only provides the new id_token and doesn't update the token claims stored in local storage. This means that once the old token expires, we need to obtain the new id_token every time we call a Rules API, which doesn't seem to be a good practice.
Figure: The claims are not updated, so we will still get an expired token if we use
const claims = await getIdTokenClaims();
After some investigation, the getAccessTokenSilently method seems to be able to refresh id_token in local storage when the cacheMode is set to 'off':
const token = await getAccessTokenSilently({
  audience: 'xxx',
  scope: 'openid profile email offline_access',
  grant_type: 'refresh_token',
  cacheMode: 'off',
});
Done - I've enabled the "refresh token" feature in the Auth0 dashboard. Now, the token will work as follows:
Figure: We have a refresh token!
Cc: @bradystroud @KristenHu @Aibono1225 @adamcogan @drwharris
Hi Team,
("Copying" from email - RE: Update Rule “autonomy-mastery-and-purpose/rule” #8469)
Describe the Bug
Upon further investigation, signing out and signing back in seems to allow you to react to rules again! This would likely mean the error is to do with an expired user token.
To Reproduce
Steps to reproduce the behavior:
Expected Behavior
Tasks
Screenshots
Figure: Error that occurs when you try and add a favourite if you already have one.
Thanks!
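The expired-token behaviour discussed in this thread can be handled by checking the cached claims' `exp` and bypassing the cache only when they have expired, rather than on every API call. This is an added example, not code from the project; the `auth` object shape, `SKEW_SECONDS`, `isExpired`, `getFreshIdToken` and the stub are assumptions, and it relies on the thread's report that `cacheMode: 'off'` rewrites the stored id_token.

```javascript
// `auth` is any object exposing getIdTokenClaims() and getAccessTokenSilently(),
// for example the value returned by useAuth0(). SKEW_SECONDS is an assumed margin
// so a token is not sent moments before it expires.
const SKEW_SECONDS = 60;

function isExpired(claims, nowSeconds) {
  // Missing claims or a missing/non-numeric exp is treated as expired (fail closed).
  return !claims || typeof claims.exp !== 'number' ||
    claims.exp - SKEW_SECONDS <= nowSeconds;
}

async function getFreshIdToken(auth, nowSeconds = Math.floor(Date.now() / 1000)) {
  let claims = await auth.getIdTokenClaims();
  if (isExpired(claims, nowSeconds)) {
    // Bypass the cache so the SDK goes back to Auth0 with the refresh token.
    await auth.getAccessTokenSilently({ cacheMode: 'off' });
    claims = await auth.getIdTokenClaims();
    if (isExpired(claims, nowSeconds)) {
      // Refresh token revoked or expired: do not send a stale token to the API.
      throw new Error('id_token still expired after refresh; sign in again');
    }
  }
  return claims.__raw; // raw JWT to send as the bearer token
}

// Constructed stub standing in for the Auth0 SDK so the example runs offline.
function makeStubAuth(initialExp, refreshedExp) {
  const state = { exp: initialExp, refreshCalls: 0 };
  return {
    state,
    getIdTokenClaims: async () =>
      ({ exp: state.exp, __raw: `stub-token-exp-${state.exp}` }),
    getAccessTokenSilently: async (opts) => {
      if (!opts || opts.cacheMode !== 'off') return 'cached';
      state.refreshCalls += 1;
      state.exp = refreshedExp;
      return 'refreshed';
    },
  };
}
```

The explicit failure after an unsuccessful refresh is what should drive the UI to prompt a new sign-in, instead of the silent reaction error described in the bug report.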