-
Notifications
You must be signed in to change notification settings - Fork 232
Security Component Bug #921
Comments
@abodnar63 Thank you for submitting this issue and helpful information for reproducing the problem. We will investigate this issue and develop a fix. In the meantime, as a workaround, it may work to create an instance of the authService yourself and pass it to the |
internal ref: OKTA-334529 |
@abodnar63 Generally, we suggest you wrap your |
@shuowu, yes in this example I provided only a simple way to reproducing this issue. In my project, it is not possible to wrap |
Hi all, I have a requirement where we have two CTA one for internal login and one for partner login. For internal user we have different client I'd and issuer and for partner we have different client I'd and login. We having spa react. Please let me know how to handle this. |
I'm submitting this issue for the package(s):
I'm submitting a:
Current behavior
I've noticed that the Security component creates a new instance of AuthService after every rendering. Potentially it could cause a lot of different concurrency issues but right now I found issue in token renew functionality. If the application renders multiple times the Security component than during token renew it will send multiple requests to the token endpoint:
I see that you tried to prevent such behaviour with
useMemo
but the problem is thatuseMemo
compares dependencies by referential equality. When application renders the component it gets a new object of the properties. Props could have the same attributes but for every render, it is a new Object. Like{} === {}
returns false.Expected behavior
I would expect to have one instance of AuthService to prevent multiple calls to API. I think there a few ways to fix it. One of them is to use a Singletone pattern for service creation and do a deep check of props before creating the new instance.
Minimal reproduction of the problem with instructions
To reproduce the issue with token auto-renew you can just get this sample https://github.com/okta/samples-js-react/tree/master/okta-hosted-login. You need to render https://github.com/okta/samples-js-react/blob/master/okta-hosted-login/src/App.jsx for multiple times so you can use a timer or add a button which will change the state of the component after every click
In config enable autoRenew:
If you don't want to wait one hour for session expiration you can change manually value of
expiresAt
foridToken
andaccessToken
in session storageokta-token-storage
and refresh the page to read new values by application. For calculatingexpiresAt
you can use this code:Math.round((new Date().getTime() + 1000 * 60 * 2 )/ 1000)
It returnsexpiresAt
value for 2 minutes later.Render the component multiple times after refreshing by clicking the button and you will see multiple requests for token renew after one minute and a half.
Extra information about the use case/user story you are trying to implement
Temporary workaround for dealing with this issue is to prevent multiple rendering of
Security
component.Environment
node -v
): v12.18.3The text was updated successfully, but these errors were encountered: