AuthorizeController.Login returns a stale UserInfo

stavroskasidis / BlazorWithIdentity

A project template for a blazor hosted app using cookie based authentication with ef core identity.

MIT License

458 stars 106 forks source link

AuthorizeController.Login returns a stale UserInfo #6

Closed dradovic closed 5 years ago

dradovic commented 5 years ago

After the call to SignInAsync, you return Ok(BuildUserInfo()) which in turn uses the inhertied User property from the ControllerBase which is not updated to reflect the new user but still holds an unauthenticated user. Luckily, IdentityAuthenticationStateProvider.GetAuthenticationStateAsync retrieves an updated UserInfo if the cached user info is unauthenticated but you end up with an extra trip to the back-end.

dradovic commented 5 years ago

My suggestion therefore is to not return a UserInfo from AuthorizeController.Login (and Register) and keep the extra round to GetUserInfo. That way it's sure that the return UserInfo is always the same (vs. constructing one in the Login method and returning that).

stavroskasidis commented 5 years ago

Thank you for the feedback. I implemented your suggestion.