netlify / gotrue-js

JavaScript client library for GoTrue
MIT License
470 stars 68 forks

jwt() method does not update the token currentUser() #71

Open depadiernos opened 4 years ago

depadiernos commented 4 years ago

When invoking jwt(true), the value in currentUser() is not updated until a logout then login again. As a user, it would be convenient if the jwt() method would update the value automatically.

Example:

const user = auth.currentUser();
const jwt = user.jwt(true);
jwt.then(() => {
  console.log("User token refreshed.");
  console.log(this.netlifyIdentity.currentUser());
});

This code snippet does not result in the new token being logged to the console.

carlganz commented 4 years ago

In addition to fixing this functionality, it would be great if the refresh token process was better documented.

fool commented 3 years ago

Context as to why this is medium priority: Every customer who tries to use this library runs into this situation, and that has so far been largely enterprise customers who've struggled with it. I'd say this bug is nonintuitive and nonobvious to newer users of gotrue-js, and this has definitely led to probably person-days of Support trying to help people with their code, which is outside our scope of support

erezrokah commented 3 years ago

Can we get a reproduction repo for this?

I tried using the following code:

const user = this.netlifyIdentity.currentUser();
if (user) {
    console.log('token', user.token)
    const jwt = user.jwt(true);
    jwt.then((response) => {
        console.log("User token refreshed.", response);
        const newUser = this.netlifyIdentity.currentUser()
        console.log('new-token', newUser.token)
    });
}

And getting the new token printed.

I used the example site in https://github.com/netlify/netlify-identity-widget as a baseline.

Closed the issue by mistake

carlganz commented 3 years ago

https://community.netlify.com/t/gotruejs-remember-me-functionality/13067/3

Here is a thread about the issue in the Netlify Community that includes part of a reproducible example, so maybe that helps. I'll confess a while back I spent a bunch of time going through the source code trying to debug without any luck.

erezrokah commented 3 years ago

Thanks @carlganz, are you referring to https://community.netlify.com/t/gotruejs-remember-me-functionality/13067/3?u=erez? This is very interesting since Netlify CMS uses the jwt method to get the token on each request it sends when using it with git-gateway: https://github.com/netlify/netlify-cms/blob/b0f1635981906894c4f8bce93b0469e4b465c74f/packages/netlify-cms-backend-git-gateway/src/implementation.ts#L267

According to that comment, user sessions in Netlify CMS should expire in 2 hours or sooner (the token is valid for 1 hour, and only a single refresh should succeed). I haven't seen related issues in the CMS repo.

If we could get a step by step reproduction (maybe a public repository), that would make it much easier to debug.

carlganz commented 3 years ago

I'll spend some time next week trying to produce a minimal example. Truthfully I'm pretty bad with vanilla JavaScript at this point so I don't know how minimal I'll be able to get, and I'm open to the possibility that the issues I've faced are the result of my misunderstanding some interaction between async code and modern reactive frameworks.

carlganz commented 3 years ago

https://github.com/carlganz/gotruejs-in-vue

After experimenting with this some more I am almost certain this is not a bug, but a common issue people create for themselves that can probably be avoided with some improved documentation.

For example, in the example here, which doesn't use the remember me functionality, the user info is saved as a cookie manually to prevent logging out on refresh. I think a lot of people, including myself, did this even with setCookies:true, not understanding that auth.currentUser() would resolve under the hood. As a result I think people are inadvertently instantiating more than one GoTrue object.

In the initial example, it seems pretty clear that auth and this.netlifyIdentity are different instances of the GoTrue object and that is why the call to jwt in auth isn't updating the state in this.netlifyIdentity. I think creating some documented examples of setCookies in combination with Vuex and Redux state management libraries is the best solution here.
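
The two-instance explanation in the last comment can be modelled in a few lines. This is an added example, not part of the thread and not gotrue-js code: StubAuth, StubUser, getAuth and the token values are hypothetical stand-ins, and the model assumes each client instance keeps its own user object, so a caller reading from the second instance keeps using the old token after a refresh on the first.

```javascript
// Hypothetical in-memory stand-ins, not gotrue-js code. Assumption: each
// client instance builds its own user object from the saved session.
let counter = 0;
const nextToken = () => `token-${++counter}`; // constructed token values

class StubUser {
  constructor(token) {
    this.token = token;
  }
  // Same call shape as user.jwt(forceRefresh) in the thread.
  async jwt(forceRefresh = false) {
    if (forceRefresh) this.token = { access_token: nextToken() };
    return this.token.access_token;
  }
}

class StubAuth {
  constructor(session) {
    this.user = session ? new StubUser({ ...session }) : null;
  }
  currentUser() {
    return this.user;
  }
}

// Two instances, like `auth` and `this.netlifyIdentity` in the first snippet:
// the refresh lands on one user object, the read goes to the other.
async function refreshOnSeparateInstances(session) {
  const auth = new StubAuth(session);
  const netlifyIdentity = new StubAuth(session);
  const fresh = await auth.currentUser().jwt(true);
  return { fresh, seen: netlifyIdentity.currentUser().token.access_token };
}

// One shared instance for the whole app: refresh and read hit the same state.
let shared = null;
function getAuth(session) {
  if (!shared) shared = new StubAuth(session);
  return shared;
}

async function refreshOnSharedInstance(session) {
  const fresh = await getAuth(session).currentUser().jwt(true);
  return { fresh, seen: getAuth().currentUser().token.access_token };
}
```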