No refresh token #95

Open
shamilto-epa opened this issue Dec 3, 2024 · 3 comments
Labels
pending triage Triage in progress question Further information is requested waiting for feedback

Comments


shamilto-epa commented Dec 3, 2024

Thank you for all your hard work on this package.

Intermittently the refresh token is lost in storage. I have been testing this for a few days and it especially occurs if I close the browser and wait 30-45+ minutes. I come back to the app and everything else is working fine and canRefresh is true but for some reason the actual persistentSession is lost.

The package keeps you logged in but when using tokens to communicate with APIs (that validate tokens through a resource server) - this is causing issues because the tokens are not being refreshed and therefore are expired/not valid at certain times. Is there a way we could force a logout when a refresh is attempted but fails (instead of just returning out of the refreshUserSession function)?

Owner

itpropro commented Jan 6, 2025

Hi,
the default behavior actually is to log you out if the refresh fails. Can you please verify if you have the same problems with the current beta version (beta 3)?
Also for the persistent sessions, are you sure that the persistent sessions are using an unstorage provider that is persistent (not memory which is reset on every server reload)?

@itpropro itpropro added pending triage Triage in progress question Further information is requested waiting for feedback labels Jan 6, 2025
Author

shamilto-epa commented Jan 23, 2025

> Hi, the default behavior actually is to log you out if the refresh fails. Can you please verify if you have the same problems with the current beta version (beta 3)? Also for the persistent sessions, are you sure that the persistent sessions are using an unstorage provider that is persistent (not memory which is reset on every server reload)?

I confirmed this is still occurring on the latest beta (beta .5).

The issue seems to occur when the server (dev server) is reloaded, so you are probably right about the storage.

I do not have a redis store or any cache store set up. I am assuming it is using memory, which is, temporarily, okay for our use case, but I would like to force a logout when this occurs (new code in beta 5).


@itpropro
Owner

The nitro server is reloaded on every code change, even if you just saved an already saved file. Try to use the same storage config as the playground with fs (everything except for metadata is encrypted in there, as it is the persistent session):

  nitro: {
    storage: { // Local file system storage for demo purposes
      oidc: {
        driver: 'fs',
        base: 'oidcstorage',
      },
    },
  },
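
The failure mode discussed in this thread, as an added example that is not code from nuxt-oidc-auth or from either commenter: a session whose `canRefresh` flag is still true while the server-side refresh token has been wiped by a reload of a memory-backed store, and a check that fails closed with a logout. Every name here (`createMemoryStore`, `checkSession`, `simulate`, the session fields other than `canRefresh`) and all values are constructed assumptions.

```javascript
// Added illustration; not nuxt-oidc-auth code. All names are hypothetical.
// Models a client-side session plus a server-side store holding the refresh token.

// Factory for an in-memory store: a server reload creates a fresh, empty one.
function createMemoryStore() {
  const items = new Map();
  return {
    get: (key) => items.get(key) ?? null,
    set: (key, value) => { items.set(key, value); },
  };
}

// Decide what to do with a request, failing closed when a refresh is impossible.
// session: { id, canRefresh, expireAt } with expireAt in seconds since epoch
// refresh: callback that exchanges a refresh token for a new expiry, or throws
function checkSession(session, store, now, refresh) {
  if (now < session.expireAt) return { action: 'ok', session };
  if (!session.canRefresh) return { action: 'logout', reason: 'expired' };
  const persistent = store.get(session.id);
  if (!persistent || !persistent.refreshToken) {
    // The session claims a refresh is possible, but the stored token is gone.
    return { action: 'logout', reason: 'missing-refresh-token' };
  }
  try {
    const expireAt = refresh(persistent.refreshToken);
    return { action: 'refreshed', session: { ...session, expireAt } };
  } catch {
    return { action: 'logout', reason: 'refresh-failed' };
  }
}

// Constructed scenario: login, optional server reload, then an expired token.
function simulate(reloadServer) {
  let store = createMemoryStore();
  const session = { id: 'sess-1', canRefresh: true, expireAt: 1000 };
  store.set(session.id, { refreshToken: 'constructed-refresh-token' });
  if (reloadServer) store = createMemoryStore(); // memory store starts empty
  const refresh = () => 5000; // stand-in for the provider's token endpoint
  return checkSession(session, store, 2000, refresh);
}
```

With a store that survives the reload, the lookup succeeds and the first branch of `simulate` applies even after a restart.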
