netlify identity tokens need to be refreshed

[benatkin]

I'm discussing on the forum. I've been debugging it long enough that I think the issue exists. I should have complete answers soon, but I thought I would start an issue now.

I've checked several times that I'm using Netlify Identity Widget with Redwood according to the docs, yet after a delay I keep finding myself partially or completely logged out. I just tracked it down to an expired token.

I think this is partly an upstream issue, but I don't think netlifyIdentity.currentUser() returns a promise, so await netlifyIdentity.currentUser() isn't sufficient to get a fresh token. I think await netlifyIdentity.currentUser?.jwt?() is.

Sorry for the partial message. I'm working on fixing the issue my project and will provide more info as I get it.

[benatkin]

currentUser in netlify-identity-widget calls currentUser which calls User.recoverSession and none appear to return promises

[benatkin]

Here's where our netlify authClient it gets the token by calling currentUser

[benatkin]

I also reported it upstream, since redwood seems to be doing the same thing the react example in netlify-identity-widget.

[benatkin]

I was able to fix it in my app by overriding currentUser in the client passed to AuthProvider and making it await on jwt() before the promise:

import netlifyIdentity from 'netlify-identity-widget'

const currentUser = async () => {
  const currentUser = netlifyIdentity.currentUser()
  if (typeof currentUser?.jwt === 'function') {
    console.log('awaiting currentUser.jwt() before returning currentUser')
    await currentUser.jwt()
  }
  return currentUser
}

const netlifyIdentityWrapped = new Proxy(netlifyIdentity, {
  get(target, name) {
    return name === 'currentUser' ? currentUser : target[name]
  },
})

ReactDOM.render(
  <FatalErrorBoundary page={FatalErrorPage}>
    <AuthProvider client={netlifyIdentityWrapped} type="netlify">
      <RedwoodApolloProvider>
        <Routes />
      </RedwoodApolloProvider>
    </AuthProvider>
  </FatalErrorBoundary>,
  document.getElementById('redwood-app')
)

[dthyresson]

@benatkin
Do you think your example

 const currentUser = netlifyIdentity.currentUser()
  if (typeof currentUser?.jwt === 'function') {
    console.log('awaiting currentUser.jwt() before returning currentUser')
    await currentUser.jwt()
  }
  return currentUser

which I saw similar code for in netlify/gotrue-js#71 (comment)

const user = this.netlifyIdentity.currentUser();
if (user) {
	console.log('token', user.token)
	const jwt = user.jwt(true);
	jwt.then((response) => {
		console.log("User token refreshed.", response);
		const newUser = this.netlifyIdentity.currentUser()
		console.log('new-token', newUser.token)
	});
}

should be part of the

    restoreAuthState: async () => {
      return client.currentUser()
    },

for the netlify AuthProvider?

redwood/packages/auth/src/authClients/netlify.ts

Line 50 in f9524ac

restoreAuthState: async () => {

[benatkin]

Yeah, it seems like with my fix there could be a delay.

Would the restoreAuth solution work after having the site open for over an hour, which is how long before tokens need to be refreshed?

If not, perhaps calling jwt() in both restoreAuth and getToken is needed.

My proxy patch is working all the time except it glitched once. I can try returning a proxied currentUser in my proxy which proxies token to a proxy which proxies accessToken to the value obtained from jwt() and see if that fixes it more.

[benatkin]

It's on https://app.resources.co/ by the way. Anyone can sign in with GitHub.

[dthyresson]

@benatkin There have been some improvement made to token refreshing sinch this issue came up.

Can we confirm it is still an issue in v0.33.2+?

Thanks!