Various OAuth bug fixes #85
Resolve the initial promise after obtaining a token.
Always get the access token from the window, or iframe, location object.
5a7c56c to ed3f347
I find these changes clearer than the older code and the app runs well. I can login/logout no problem. LGTM, but you might want to wait for another pair of eyes.
Does it fix #84?
The code changes LGTM, but gimme a second to run this on my local ASM project to test the updates in a running environment. 👌
What the derp? I have issues signing in on ASM local; although I do get a login token, I don't seem to register a user at the login process. (user === null) Let me run a quick investigation; if anything, it's likely that I didn't set up my environment properly. Current details:
🤷‍♂️ 🕵️ OK, it's investigation time.
@shaunanoordin I am not sure, but Roger's original code for the OAuth module might rely on there being a
With a local version of ASM, I'm seeing that the user session is lost when the page reloads after login. SW doesn't do this, I think because it uses
Always call _handleNewBearerToken, to set up auth headers, after checking the token on init.
@shaunanoordin I think 36121ca will solve that problem. Also, I see that ASM isn't using a package lock file, so
But I've now introduced this error, if you aren't logged in.
Check for an access token before setting headers and saving the new token. Always return the passed token, even if null.
The original code did not work with ASM.
@shaunanoordin @simoneduca I think this is working now. I've been trying it out with a local copy of ASM, and I'm not running into errors after the last two commits. Over to you for testing!
Yikes, so it looks like there are some compatibility issues with certain projects - thanks for catching that, Jim! 👍 I should expand my tests to Anti-Slavery Manuscripts and Scribes of the Cairo Genizah, maybe Education API Front End, just to get a better sample size.
PR Review
This PR fixes:
- login issues introduced in 2.9.3 (couldn't login on Shakespeare's World and certain other websites)
- an issue in _handleNewBearerToken() where it received wrong input. (window.location.hash vs location.href) (fixes "_handleNewBearerToken() florps on .slice()" #84)
Code changes look good, but given the impact of the update, the tests will be done across a few different CFEs.
Testing
All testing done on localhost using OSX+Chrome64 on a new incognito window every time.
Testing checks for:
- A non-logged in user can login.
- A logged-in user can refresh the page and remain logged in.
- A logged-in user can access user-only functionality (e.g. Collections in ASM & Scribes, classrooms in Edu API FE)
- A logged-in user can log out.
- A logged-out user can refresh the page and remain logged out.
Looks good for:
- Anti-Slavery Manuscripts 👍
- Scribes of the Cairo Geniza 👍
- Education API Front End 👍
Status
Woot, this is looking good! I'm going to give this a 👍, but will hold off on merging until @simoneduca or a second dev gives an all clear.
Bonus piece of good news: testing looks good on IE11 with ASM local, too. 👌
Thanks for these changes @eatyourgreens. This version works great on SW and Annotate too. I've tested:
- Login and logout
- Get fresh token when clearing session storage
LGTM.
Published as 2.9.4.
Fixes a few bugs in 2.9.3:
- oauth.init() never resolves.
- _handleNewBearerToken() florps on .slice() (#84)
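
The token handling that the commit messages in this thread describe (read the token from the window or iframe location fragment, check for a token before setting headers and saving it, return null when there is none), as an added JavaScript example that is not the library's own code. The function names, the `tokenDetails` storage key and the in-memory storage stand-in are assumptions made for the example.

```javascript
// Added example: every name here is hypothetical, not the library's API.

// Parse an implicit-grant redirect fragment such as
// "#access_token=...&token_type=bearer&expires_in=7200".
// Input is the fragment (location.hash) only, never the full href.
function parseTokenFragment(hash) {
  if (typeof hash !== 'string' || hash.length < 2) return null;
  const params = new URLSearchParams(hash.startsWith('#') ? hash.slice(1) : hash);
  const accessToken = params.get('access_token');
  if (!accessToken) return null;
  const expiresIn = Number.parseInt(params.get('expires_in'), 10);
  return {
    accessToken,
    tokenType: params.get('token_type') || 'bearer',
    expiresIn: Number.isFinite(expiresIn) && expiresIn > 0 ? expiresIn : null,
  };
}

// Check for a token before touching headers or storage. With no token,
// stale credentials are cleared (a choice made for this example) and null
// is returned so callers can treat it as "not signed in".
function applyToken(token, headers, storage) {
  if (!token || !token.accessToken) {
    delete headers.Authorization;
    storage.removeItem('tokenDetails');
    return null;
  }
  headers.Authorization = `Bearer ${token.accessToken}`;
  storage.setItem('tokenDetails', JSON.stringify(token));
  return token;
}

// Works for a window or an iframe: both expose a location-like object.
function initFromLocation(loc, headers, storage) {
  return applyToken(parseTokenFragment(loc && loc.hash), headers, storage);
}

// In-memory stand-in for sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (key) => (items.has(key) ? items.get(key) : null),
    setItem: (key, value) => { items.set(key, String(value)); },
    removeItem: (key) => { items.delete(key); },
  };
}
```

In a browser, pass `window.location` (or the iframe's `contentWindow.location`) and `sessionStorage` in place of the constructed objects.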