Closed dradovic closed 5 years ago
My suggestion therefore is to not return a UserInfo
from AuthorizeController.Login
(and Register
) and keep the extra round to GetUserInfo
. That way it's sure that the return UserInfo
is always the same (vs. constructing one in the Login
method and returning that).
Thank you for the feedback. I implemented your suggestion.
After the call to
SignInAsync
, you returnOk(BuildUserInfo())
which in turn uses the inhertiedUser
property from theControllerBase
which is not updated to reflect the new user but still holds an unauthenticated user. Luckily,IdentityAuthenticationStateProvider.GetAuthenticationStateAsync
retrieves an updatedUserInfo
if the cached user info is unauthenticated but you end up with an extra trip to the back-end.