synapsestudios / synapse-common

DEPRECATED
MIT License

Failed Refresh Token Exchanges are Not Handled Correctly #49

Closed paulstatezny closed 9 years ago

paulstatezny commented 9 years ago

Description

If you have an expired access token, the front end will get a 401 and perform a refresh token exchange for a new access token. This all works great under normal conditions. :+1:

However, if your refresh token is either missing or expired, the token endpoint will return 400 for the refresh token exchange request. Auth-gateway is configured to redirect the user to / or some configured login location:

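```javascript
handleTokenExchangeFailure : function()
{
    var config = this.getConfig();

    // Drop the stored tokens before sending the user to the login page
    store.clear();

    // Redirect to the configured login URL, falling back to the site root
    if (config.login_url) {
        window.location = config.login_url;
    } else {
        window.location = '/';
    }
}
```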

However, this callback is clearly never being called. I know because:

  1. The user is never being redirected
  2. Local Storage is not being cleared
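
The flow described in this issue, sketched as an added example that is not part of the original issue or synapse-common's code: a request wrapper in which both a missing refresh token and a 400 from the token endpoint reach the failure handler. The names `createAuthClient`, `transport`, `makeStore` and `makeBackend`, and the `/oauth/token` path, are assumptions.

```javascript
// Added example; all names here are hypothetical, not synapse-common's API.
// transport(request) resolves to { status, body } and does not reject on 4xx.
function createAuthClient({ transport, store, redirect, loginUrl }) {
  function handleTokenExchangeFailure() {
    store.clear();              // drop the stale access and refresh tokens
    redirect(loginUrl || '/');  // same fallback as the handler quoted in the issue
  }

  async function exchangeRefreshToken() {
    const refreshToken = store.get('refresh_token');
    if (!refreshToken) return false;        // missing token: fail without a request
    const res = await transport({
      url: '/oauth/token',                  // assumed token endpoint path
      body: { grant_type: 'refresh_token', refresh_token: refreshToken },
    });
    if (res.status !== 200) return false;   // the 400 described in the issue ends here
    store.set('access_token', res.body.access_token);
    return true;
  }

  async function request(req) {
    const send = () => transport({ ...req, token: store.get('access_token') });
    const res = await send();
    if (res.status !== 401) return res;
    if (await exchangeRefreshToken()) return send();  // retry once with the new token
    handleTokenExchangeFailure();           // every failed exchange reaches this call
    return res;
  }
  return { request };
}

// Constructed in-memory stand-ins so the example runs offline.
function makeStore(initial) {
  const data = new Map(Object.entries(initial));
  return { get: (k) => data.get(k), set: (k, v) => data.set(k, v),
           clear: () => data.clear(), size: () => data.size };
}
function makeBackend(validRefreshToken) {
  return async (req) => {
    if (req.url === '/oauth/token') {
      return req.body.refresh_token === validRefreshToken
        ? { status: 200, body: { access_token: 'fresh' } }
        : { status: 400, body: { error: 'invalid_grant' } };
    }
    return req.token === 'fresh' ? { status: 200, body: 'ok' } : { status: 401, body: null };
  };
}
```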

paulstatezny commented 9 years ago

:snowflake: :arrow_up:

zpchavez commented 9 years ago

:m: :star:

spruce-bruce commented 9 years ago

:hand:

spruce-bruce commented 9 years ago

:+1: