opendev/storyboard-webclient
Code Issues Proposed changes

Handle expired refresh tokens by reloading the page

Browse Source 
If a user's refresh token expires when their access token is also
expired, they cannot obtain a new access token without authenticating
with the openid provider.

Currently StoryBoard doesn't handle this situation, and the session
ends up in a state whereby the access token is invalid and most
requests cause errors due to this.

This commit hackily fixes this by reloading the page if the request
for a new access token fails, such as when the refresh token is
expired.

Change-Id: Ied597133a76e5e61677fafd7bfb35d4107e0836c
This commit is contained in:
Adam Coldrick 2017-05-08 23:43:33 -04:00
parent 1353fcad18
commit ccb66494e9
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/app/auth/http/http_oauth_token_interceptor.js
View File

@ -19,7 +19,7 @@
* and reissued when needed. * and reissued when needed.
*/ */
angular.module('sb.auth').factory('httpOAuthTokenInterceptor', angular.module('sb.auth').factory('httpOAuthTokenInterceptor',
function (AccessToken, $injector, $q, $log) { function (AccessToken, $injector, $q, $log, $window) {
'use strict'; 'use strict';
@ -90,6 +90,7 @@ angular.module('sb.auth').factory('httpOAuthTokenInterceptor',
}, },
function () { function () {
AccessToken.clear(); AccessToken.clear();
$window.location.reload();
} }
).finally(function () { ).finally(function () {
// Inject the token, whether or not it exists, back into the // Inject the token, whether or not it exists, back into the