Open depadiernos opened 4 years ago
In addition to fixing this functionality, it would be great if the refresh token process was better documented.
Context as to why this is medium priority: Every customer who tries to use this library runs into this situation, and that has so far been largely enterprise customers who've struggled with it. I'd say this bug is nonintuitive and nonobvious to newer users of gotrue-js, and this has definitely led to probably person-days of Support trying to help people with their code, which is outside our scope of support.
Can we get a reproduction repo for this?
I tried using the following code:
    const user = this.netlifyIdentity.currentUser();
    if (user) {
      console.log('token', user.token);
      // Force a refresh of the access token
      const jwt = user.jwt(true);
      jwt.then((response) => {
        console.log("User token refreshed.", response);
        const newUser = this.netlifyIdentity.currentUser();
        console.log('new-token', newUser.token);
      });
    }
And getting the new token printed.
I used the example site in https://github.com/netlify/netlify-identity-widget as a baseline.
Closed the issue by mistake
https://community.netlify.com/t/gotruejs-remember-me-functionality/13067/3
Here is a thread about the issue in Netlify Community that includes part of a reproducible example, so maybe that helps. I'll confess a while back I spent a bunch of time going through source code trying to debug without any luck.
Thanks @carlganz, are you referring to https://community.netlify.com/t/gotruejs-remember-me-functionality/13067/3?u=erez?
This is very interesting since Netlify CMS uses the jwt method to get the token on each request it sends when using it with git-gateway:
https://github.com/netlify/netlify-cms/blob/b0f1635981906894c4f8bce93b0469e4b465c74f/packages/netlify-cms-backend-git-gateway/src/implementation.ts#L267
According to that comment, user sessions in Netlify CMS should expire in 2 hours or sooner (the token is valid for 1 hour, and only a single refresh should succeed). I haven't seen related issues in the CMS repo.
If we could get a step by step reproduction (maybe a public repository), that would make it much easier to debug.
I'll spend some time next week trying to produce a minimal example. Truthfully I'm pretty bad with vanilla JavaScript at this point so I don't know how minimal I'll be able to get, and I'm open to the possibility that the issues I've faced are the result of my misunderstanding some interaction between async code and modern reactive frameworks.
https://github.com/carlganz/gotruejs-in-vue
After experimenting with this some more I am almost certain this is not a bug, but a common issue people create for themselves that can probably be avoided with some improved documentation.
For example, in the example here, which doesn't use the remember me functionality, the user info is saved as a cookie manually to prevent logging out on refresh. I think a lot of people, including myself, did this even with setCookies:true, not understanding that auth.currentUser() would resolve under the hood. As a result I think people are inadvertently instantiating more than one GoTrue object.
In the initial example, it seems pretty clear that auth and this.netlifyIdentity are different instances of the GoTrue object and that is why the call to jwt in auth isn't updating the state in this.netlifyIdentity. I think creating some documented examples of setCookies in combination with Vuex and Redux state management libraries is the best solution here.
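The two-instance situation described in the comment above, modelled as an added example that is not part of the thread and is not gotrue-js code. `FakeAuthServer` and `Client` are hypothetical stand-ins, the token values are constructed, and the single-use refresh token is an assumption taken from the earlier comment that only a single refresh should succeed.

```javascript
// Hypothetical model, not gotrue-js: a server that rotates tokens and a
// client object that keeps its own cached copy of the logged-in user.
class FakeAuthServer {
  constructor() { this.counter = 0; this.validRefresh = new Set(); }
  issue() {
    this.counter += 1;
    const token = {
      access_token: `access-${this.counter}`,   // constructed sample values
      refresh_token: `refresh-${this.counter}`,
    };
    this.validRefresh.add(token.refresh_token);
    return token;
  }
  refresh(refreshToken) {
    // Assumption from the thread: a refresh token can be redeemed only once.
    if (!this.validRefresh.delete(refreshToken)) {
      throw new Error('invalid refresh token');
    }
    return this.issue();
  }
}

class Client {
  constructor(server, token) {
    this.server = server;
    this.user = { token: { ...token } }; // state cached per instance
  }
  currentUser() { return this.user; }
  async jwt(forceRefresh) {
    if (forceRefresh) {
      this.user.token = this.server.refresh(this.user.token.refresh_token);
    }
    return this.user.token.access_token;
  }
}

async function demo() {
  const server = new FakeAuthServer();
  const login = server.issue();
  const auth = new Client(server, login);            // instance that refreshes
  const netlifyIdentity = new Client(server, login); // instance that is read
  const refreshed = await auth.jwt(true);
  const stale = netlifyIdentity.currentUser().token.access_token;
  let secondRefresh = 'ok';
  try { await netlifyIdentity.jwt(true); } catch (e) { secondRefresh = e.message; }
  const shared = auth.currentUser().token.access_token; // same instance: fresh
  return { refreshed, stale, secondRefresh, shared };
}
```

In this model the second instance keeps both the old access token and an already-redeemed refresh token, so its own refresh attempt is rejected; reading from the instance that performed the refresh returns the new token.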
When invoking jwt(true), the value in currentUser() is not updated until a logout then login again. As a user, it would be convenient if the jwt() method would update the value automatically.
Example:
This code snippet does not result in the new token being console.log.