Open isaachinman opened 1 month ago
We noticed some 403 logs in our application.
Long story short, this is a reproducible error that occurs because the Knock client, as a global singleton, is not correctly handling changing of user.
The teardown function is more or less useless.
If you first initialise a client with user-1, and then reauthenticate with user-2, the client will still attempt to fetch user-1, and will get a 403.
I assume this issue has not yet been reported because most of your customers use React context/hooks, or something.
For now we will work around this issue by putting the Knock client inside a zustand store itself, instead of treating it as a global singleton.
I would suggest two action steps:
`.authenticate` calls. The `UserClient` should ideally just be entirely recreated
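
The workaround described in the issue, sketched as an added example (not code from the issue or from the Knock SDK). `FakeNotificationClient`, `createClientHolder` and the token strings are hypothetical stand-ins constructed here; the fake client only models the reported behaviour, where user state from the first `authenticate` call survives a second one.

```javascript
// Stand-in for an SDK client (hypothetical, NOT Knock's code). It models the
// behaviour reported above: state derived from the first user survives a
// later authenticate() call.
class FakeNotificationClient {
  constructor() { this.userClient = null; this.token = null; }
  authenticate(userId, token) {
    this.token = token;
    // Reported defect: the per-user sub-client is created once and reused.
    if (!this.userClient) this.userClient = { userId };
  }
  teardown() { /* modelled as leaving cached user state in place */ }
  // Constructed server rule: a token may only read its own user record.
  fetchUser() {
    const requested = this.userClient.userId;
    return { requested, status: this.token === `token-for-${requested}` ? 200 : 403 };
  }
}

// Workaround from the issue: no global singleton. The holder owns one client
// per signed-in user and builds a fresh instance whenever the user changes.
function createClientHolder(makeClient) {
  let current = null; // { userId, client }
  return {
    forUser(userId, token) {
      if (current && current.userId !== userId) {
        current.client.teardown();
        current = null; // drop every reference to the previous user's state
      }
      if (!current) current = { userId, client: makeClient() };
      current.client.authenticate(userId, token); // also picks up a rotated token
      return current.client;
    },
    signOut() {
      if (current) current.client.teardown();
      current = null;
    },
  };
}

function demo() {
  const singleton = new FakeNotificationClient();
  singleton.authenticate("user-1", "token-for-user-1");
  singleton.authenticate("user-2", "token-for-user-2");
  const stale = singleton.fetchUser(); // still asks for user-1

  const holder = createClientHolder(() => new FakeNotificationClient());
  holder.forUser("user-1", "token-for-user-1");
  const fresh = holder.forUser("user-2", "token-for-user-2").fetchUser();
  return { stale, fresh };
}
```

Calling `signOut()` on logout matters as much as the user-change check: it ensures no instance carrying the previous user's identity is left for the next session to pick up.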