maxmantz / redux-oidc

A package for managing OpenID Connect authentication in ReactJS / Redux apps
MIT License

Actions created by the oidcMiddleware might not hit all other middlewares. #66

Closed bsc52001 closed 7 years ago

bsc52001 commented 7 years ago

I'm new to JS so let me know if I just missed something.

The oidcMiddleware is storing the remaining middleware chain:

```js
nextMiddleware = next;
```

then using it to dispatch new actions:

```js
export function getUserCallback(user) {
  if (!user || user.expired) {
    nextMiddleware(userExpired());
  } else {
    storedUser = user;
    nextMiddleware(userFound(user));
  }
}
```

This means that the actions it creates are only supplied to middleware after itself. Should the order items are added to the chain have an effect on the outcome?

maxmantz commented 7 years ago

You are correct. The order of middlewares does matter in redux.

bsc52001 commented 7 years ago

I've only been working in React/Redux for 4 days, so thank you for any help you can provide. I was very surprised when reordering my middlewares altered the behavior of my application. Is there any way other than reading the source code for every middleware I intend to use to determine the proper order of operations?

maxmantz commented 7 years ago

I understand your predicament. It can be tricky to find the right answer here. Usually the order of middlewares can be derived from the purpose the middleware serves. From my experience the number of middlewares you use should be fairly minimal. You usually have one middleware handling asynchronous operations like redux-saga. This middleware needs an authenticated user, so by purpose it should fire after the oidc middleware has made sure a valid access token exists. Then you might have a logger middleware for debugging purposes and a router middleware for routing in the app, where the position doesn't really matter. I've found that these middlewares are enough for most redux apps.

Are you familiar with ASP.NET's OWIN specification? The concept is actually identical, the only difference being that OWIN middlewares handle HTTP requests whereas redux middlewares handle dispatched actions. In OWIN, the order of middlewares is also important.

Please also note that the oidc middleware is only there for legacy purposes and for those projects that don't support the silent renewal of tokens. If you have silent renew set up, you don't need the oidc middleware at all, because the access token will automatically be renewed before it expires. Check out the example app on how to set up silent renew and feel free to ask me if you have any further questions :).
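The asymmetry described in the first comment (actions pushed into a captured `next` only reach the middlewares placed after the one that captured it) and the ordering advice above can be seen directly with a small, self-contained re-implementation of Redux's middleware composition. This is an added example, not code from redux-oidc or from Redux; `createStoreWithMiddleware`, `tap`, `oidcViaNext`, `oidcViaDispatch` and `trace` are hypothetical names, and the `LOAD_USER` / `USER_FOUND` actions and the user `alice` are constructed for the demo. The composition rule it copies is the one Redux's `applyMiddleware` uses: the first middleware in the array wraps the rest, and `store.dispatch` as handed to a middleware re-enters the chain from the top.

```javascript
// Added example (not redux-oidc or Redux code): minimal re-implementation of
// Redux's applyMiddleware composition, used to show which middlewares see an
// action that a middleware injects through a captured `next` versus one it
// sends through `store.dispatch`. All names below are made up for this demo.

// middlewares[0] is the outermost wrapper, so it sees every action first.
function createStoreWithMiddleware(reducer, middlewares) {
  let state = reducer(undefined, { type: '@@INIT' });
  let dispatch = (action) => {
    state = reducer(state, action);
    return action;
  };
  // `dispatch` is read lazily, so the API handed to each middleware always
  // points at the fully composed chain rather than the bare reducer call.
  const api = { getState: () => state, dispatch: (action) => dispatch(action) };
  const chain = middlewares.map((mw) => mw(api));
  dispatch = chain.reduceRight((next, mw) => mw(next), dispatch);
  return api;
}

// Records the user once a USER_FOUND action reaches the reducer.
function reducer(state = { user: null }, action) {
  return action.type === 'USER_FOUND' ? { ...state, user: action.user } : state;
}

// Middleware factory that logs every action it sees into `seen`.
const tap = (name, seen) => () => (next) => (action) => {
  seen.push(`${name}:${action.type}`);
  return next(action);
};

// The pattern quoted in the issue: hold on to `next` and push derived
// actions into it. Only middlewares *after* this one see USER_FOUND.
let nextMiddleware;
const oidcViaNext = () => (next) => {
  nextMiddleware = next;
  return (action) => {
    if (action.type === 'LOAD_USER') {
      nextMiddleware({ type: 'USER_FOUND', user: 'alice' });
    }
    return next(action);
  };
};

// Alternative: send derived actions through store.dispatch, which re-enters
// the chain at the top, so every middleware (including the ones placed
// before this one) sees USER_FOUND. The type check prevents re-dispatch loops.
const oidcViaDispatch = (store) => (next) => (action) => {
  if (action.type === 'LOAD_USER') {
    store.dispatch({ type: 'USER_FOUND', user: 'alice' });
  }
  return next(action);
};

// Build the chain [before, oidc, after], dispatch one LOAD_USER, and report
// which middleware saw which action (a constructed trace, not a real log).
function trace(oidcMiddleware) {
  const seen = [];
  const store = createStoreWithMiddleware(reducer, [
    tap('before', seen),
    oidcMiddleware,
    tap('after', seen),
  ]);
  store.dispatch({ type: 'LOAD_USER' });
  return { seen, user: store.getState().user };
}

console.log(trace(oidcViaNext).seen);
// → [ 'before:LOAD_USER', 'after:USER_FOUND', 'after:LOAD_USER' ]
console.log(trace(oidcViaDispatch).seen);
// → [ 'before:LOAD_USER', 'before:USER_FOUND', 'after:USER_FOUND', 'after:LOAD_USER' ]
```

The practical consequence is the one the thread is about: a logger, audit, or "block everything while the user is expired" middleware placed before the oidc middleware never observes `USER_FOUND` / `USER_EXPIRED` when they are injected via the captured `next`, so it must be placed after it (or the injecting middleware must dispatch through `store.dispatch`, guarding against reacting to its own action). The same holds for the real redux-oidc middleware: `next` is captured when the chain is built and the callbacks fire later from the oidc-client events, but the visibility rule is identical.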

bsc52001 commented 7 years ago

Thanks for the information and for making your work available. I think I'm starting to understand the process flow here. I am going to remove the oidcMiddleware from my application and take a look.