Open nokrosis opened 7 years ago
This guard is also a problem when you attempt to login but fail. You have a non-null user object due to the attempt but your state is not "logged-in". If you're using a "not-logged-in" guard (b/c you don't want someone to hit the register/forgot password/whatever page when they're already logged in, the guard inappropriately fails.
Guarded routes are validated by checking:
state.cognito.user !== null
However Dashboard on example app depends on:
state.cognito.state = CognitoState.LOGGED_IN
If a user logs in, the session data and user is saved in local storage. If the browser is closed and reopened, on entering the app, COGNITO_CONFIGURE action is fired which has the following code:
When calling
const user = pool.getCurrentUser();
cognito recovers the user from local storage, turningstate.cognito.user !== null
however,state.cognito.state
is not updated toCognitoState.LOGGED_IN
which turns the app on an undesired state:On one side, the user is presented the Login Form as if it was not logged-in, because
state.cognito.state !== CognitoState.LOGGED_IN
By the other side, the user CAN access guarded routes since
state.cognito.user !== null
I think CognitoState should be updated accordingly if
const user = pool.getCurrentUser();
has a valid user/session, or else what solution do you suggest to handle these states?