feat: before app submission refresh access token #1006
Conversation
|
When I tried to complete an application in the incognito window, I was also bounced at the end of the process |
|
@mcgarrye with this implementation that is expected. It kicks off any person that is logged in with those credentials. There is potentially a long term solution of refactoring how the tokens work so that you can be logged into multiple browsers at once, but for this bug we are just going to kick them out. |
|
Could we get @mcgarrye to confirm as well as he requested changes? |
|
I am still being redirected to the home page, not the sign-in page |
|
@mcgarrye @emilyjablonski Ok, I think I finally got it. I was missing an await when redirecting. Can you retest it to see if it is working for you? |
May be out of scope from this ticket but if a user is signed out when in the application dashboard and attempts to edit their information they will see this unhandled error
|
ludtkemorgan
deleted the
987/refresh-access-token-before-app-submission
branch
|
@mcgarrye that's a good find. The user won't see that banner as we only show that when you have the app running in dev mode ( |
This PR addresses #987
Description
There are some edge cases where a public user could have their session voided at the time of app submission, but the UI isn't aware and allowed the submission to go through
This pr makes it so that we attempt a refresh of the access token so if the session is voided the user is given a heads up that their session expired and they are bounced
How Can This Be Tested/Reviewed?
The most easily reproducible way to test this is:
you should be prompted with a dialog and whether you hit the "x" or "OK" you will be bounced to the sign in page and logged out
you should also test that going through the regular app submission process still works
Author Checklist:
yarn generate:clientand/or created a migration when requiredReview Process: