Automatic logout when active user is blocked disappeared after update to v2

[pldvd]

Checklist

• [X] The issue can be reproduced in the auth0-react sample app (or N/A).
• [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• [X] I have looked into the API documentation and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

After updating to auth0-react v2, we noticed that our active users don't get logged out, after they are blocked in the Auth0 Dashboard / User Management and their current token expires.

V1 behavior: when their current token expired, blocked users were immediately logged out from the platform when trying to acquire a new token. V2 behavior: blocked users can still interact with the app after their current token expired. getAccessTokenSilently() returns a 'user is blocked' error, the network log is filled with

We have been using a custom cache implementation, which seems to interfere with this behavior:

  import { set, get, del, keys } from "idb-keyval";

  const cache = {
    get: (key) => get(key).then((cacheable) => cacheable || null),
    set: (key, cacheable) => set(key, cacheable),
    remove: (key) => del(key),
    allKeys: keys,
  };
  return cache;
};

Using the sample application the following were validated using v2:

• custom cache effects the logout logic, with the custom cache above, the user does not get logged out immediately after trying to call the external API
• without the custom cache the user immediately gets logged out
• in neither case do we see an error in the console

Using the sample application the following were validated after downgrading to v1:

• regardless of using a custom cache or not, the blocked user immediately gets logged out after their token expires and they try to call the external api, and a 401 error is logged to the console:

Reproduction

On v2: Step1: Run sample app with custom cache implementation Step2: Block the current user in Auth0 Dashboard and wait for the token to expire Step3: Try to fire the external API call and observe how you are not logged out immediately.

On v1 this logout happened automatically on the first interaction with the App (after the blocked user has expired), you can verify it by downgrading to v1 in the sample app and going through the above steps.

Additional context

We solved the issue for now by calling logout() manually after checking the error in the catch block of getAccessTokenSIlently(), if (error.message === 'user is blocked') logout() but this looks like a hack compared to the previous behavior.

auth0-react version

2.2.0

React version

17 (our app) & 18 (sample app)

Which browsers have you tested in?

Chrome

[pldvd]

Hey! So just to clarify, it definitely has to do with the custom cache implementation which, until we were on v1, worked fine. Now on v2 we need to manually logout the user when the token endpoint returns a "user is blocked" error.