Open kizivat opened 1 month ago
The force push was to adhere to conventional commits.
If the solution for this issue is making an additional getUser
check inside the method – which I'm assuming should make the method trustable on the server(?) – should this call be made at the beginning of the getAuthenticatorAssuranceLevel()
method (ie. before we do checks on the session
)?
Otherwise, we might end up using less secure information from _useSession
since this has the possibility to return early before it reaches the _getUser
call.
Also to consider: what is the added performance overhead for this function by making an additional user call? Do we need to provide an option for a jwt to be passed as an argument to getAuthenticatorAssuranceLevel()
since getUser
can optionally take a jwt?
You may know this, but making sure: keep in mind this change adds a network call to Supabase.
One avoidable source of the
getUser()
warningsWhat kind of change does this PR introduce?
Bug fix
What is the current behavior?
Can't get rid of getUser() warning
What is the new behavior?
The warning is no longer logged on the line defining
verifiedFactors
Additional context
N/A