Automatic logout when active user is blocked disappeared after update to v2 #814
Comments
Hey! So just to clarify, it definitely has to do with the custom cache implementation which, until we were on v1, worked fine. Now on v2 we need to manually log out the user when the token endpoint returns a "user is blocked" error.
Hello @pldvd, You can still fix this behavior by setting In v1, when using refresh tokens, the application would fall back to using In v2, we’ve changed the default value of If you prefer the original behavior, where the application falls back to iframes upon a refresh token exchange failure, you can explicitly set

Migration Guide: https://github.com/auth0/auth0-react/blob/main/MIGRATION_GUIDE.md#no-more-iframe-fallback-by-default-when-using-refresh-tokens
Hey @nandan-bhat! Thank you for taking the time to reply. It has been a while but I am back at this issue and I want to clarify two things:
any other takes on this, please let me know...
Description
After updating to auth0-react v2, we noticed that our active users don't get logged out after they are blocked in the Auth0 Dashboard / User Management and their current token expires.
V1 behavior: when their current token expired, blocked users were immediately logged out from the platform when trying to acquire a new token.
V2 behavior: blocked users can still interact with the app after their current token expired. getAccessTokenSilently() returns a 'user is blocked' error, the network log is filled with
We have been using a custom cache implementation, which seems to interfere with this behavior:
Using the sample application the following were validated using v2:
Using the sample application the following were validated after downgrading to v1:
Reproduction
On v2:
Step 1: Run sample app with custom cache implementation
Step 2: Block the current user in Auth0 Dashboard and wait for the token to expire
Step 3: Try to fire the external API call and observe how you are not logged out immediately.
On v1 this logout happened automatically on the first interaction with the App (after the blocked user has expired), you can verify it by downgrading to v1 in the sample app and going through the above steps.
Additional context
We solved the issue for now by calling logout() manually after checking the error in the catch block of getAccessTokenSilently(),
if (error.message === 'user is blocked') logout()
but this looks like a hack compared to the previous behavior.
auth0-react version
2.2.0
React version
17 (our app) & 18 (sample app)
Which browsers have you tested in?
Chrome
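
The manual-logout workaround from "Additional context", written out as an added example (not code from the issue or from auth0-react): a wrapper that ends the local session once when the token call fails with the 'user is blocked' message, even if several API calls fail at the same time, and never lets the caller continue without a token. `createGuardedTokenGetter`, `isBlockedUserError` and `demo` are hypothetical names; `getAccessTokenSilently` and `logout` are passed in and are replaced by constructed stubs in the demo.

```javascript
// Added example: stand-alone wrapper, not auth0-react code.
// In an app, getAccessTokenSilently and logout would come from useAuth0().

// The only failure signal quoted in the issue is this message string.
const BLOCKED_MESSAGE = 'user is blocked';

function isBlockedUserError(error) {
  return Boolean(error) && error.message === BLOCKED_MESSAGE;
}

// Hypothetical helper: returns a token getter that logs the user out
// when the token endpoint reports that the user is blocked.
function createGuardedTokenGetter({ getAccessTokenSilently, logout }) {
  let logoutStarted = false; // several requests can fail at once; log out once

  return async function getToken(options) {
    try {
      return await getAccessTokenSilently(options);
    } catch (error) {
      if (isBlockedUserError(error) && !logoutStarted) {
        logoutStarted = true;
        await logout();
      }
      // Always rethrow: the caller must not proceed without a token.
      throw error;
    }
  };
}

// Constructed demo: stubs stand in for the SDK functions, and three
// concurrent API calls all hit the blocked-user error.
async function demo() {
  let logoutCalls = 0;
  const getToken = createGuardedTokenGetter({
    getAccessTokenSilently: async () => { throw new Error('user is blocked'); },
    logout: async () => { logoutCalls += 1; },
  });
  const results = await Promise.allSettled([getToken(), getToken(), getToken()]);
  const rejected = results.filter((r) => r.status === 'rejected').length;
  return { logoutCalls, rejected };
}

demo().then((result) => console.log(result));
```

Other failures, such as a network error, are rethrown without logging the user out, so a transient outage does not end the session.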