OIDC expiring fix (armadaproject#3506)

* Checking for expired user * Change to signing redirect
richscott · Apr 8, 2024 · 1fc5822 · 1fc5822
1 parent a23af3d
commit 1fc5822
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/internal/lookout/ui/src/App.tsx b/internal/lookout/ui/src/App.tsx
@@ -124,7 +124,7 @@ function AuthWrapper({ children, userManager, isAuthenticated }: AuthWrapperProp
     const handleAuthentication = async () => {
       try {
         const user = await userManager.getUser()
-        if (!user) {
+        if (!user || user.expired) {
           await userManager.signinRedirect()
         }
       } catch (error) {

diff --git a/internal/lookout/ui/src/oidc.ts b/internal/lookout/ui/src/oidc.ts
@@ -10,8 +10,24 @@ export function useUserManager(): UserManager | undefined {
 
 export async function getAccessToken(userManager: UserManager): Promise<string> {
   const user = await userManager.getUser()
-  if (user !== null && !user.expired) return user.access_token
-  return (await userManager.signinPopup()).access_token
+
+  if (user !== null && !user.expired) {
+    return user.access_token
+  }
+
+  try {
+    await userManager.signinRedirect()
+  } catch (err) {
+    console.error("Error during sign-in redirect:", err)
+    throw err
+  }
+
+  const redirectedUser = await userManager.getUser()
+  if (redirectedUser !== null) {
+    return redirectedUser.access_token
+  }
+
+  throw new Error("Failed to obtain access token after sign-in redirect")
 }
 
 export function getAuthorizationHeaders(accessToken: string): Headers {