vendure-ecommerce / vendure

The commerce platform with customization in its DNA.
https://www.vendure.io

Not Authorized error with External Authentication Strategy #2363

Open Swampy469 opened 1 year ago

Swampy469 commented 1 year ago

Describe the bug

I am using a custom class that implements the "AuthenticationStrategy" interface for a custom authentication flow. After the first access (when there is no ChannelToken saved in the browser), each initial API call returns a 403 error code. I found out that, even if the ChannelToken is saved (after the login), the headers of the initial API requests (the first 5 requests) don't contain "Vendure-Token". After reloading the page (CTRL + R / F5) all is fine; each request contains the Vendure-Token header.


The first 5 requests after loading don't contain the "Vendure-Token" inside the headers.

To Reproduce

Steps to reproduce the behavior:

  1. Make sure there is no Vendure data in the browser (Token, sessions, etc..)
  2. Access the Admin UI using an External Authentication strategy
  3. Go to any section
  4. See "not authorized" error

Expected behavior

You must be authorized immediately after the first login with an external authentication strategy.

Environment (please complete the following information):

Additional context Installed plugins:

michaelbromley commented 9 months ago

/bounty $50

oliverqx commented 9 months ago

/attempt #2363, can I get assigned?

oliverqx commented 9 months ago

I was able to reproduce the bug after a couple of hours setting up a fake environment.

I'm still working on it though, will have a solution by eod tomorrow. Def an issue with middleware but I still haven't been able to pinpoint it.

michaelbromley commented 9 months ago

Listing duplicates:

oliverqx commented 9 months ago

Took a bit longer than I thought cause I didn't have much free time this week