fix: UI directs to login page when the access token is expired #1841

Merged: 1 commit, Feb 27, 2025

@Avinashs7 (Contributor) commented Feb 27, 2025

Description

I have fixed the issue by using the expiry timestamp existing in the user object in localStorage. But I assume it needs to be fixed when it has been rejected in the authorization process of each protected route.

Let me know if the authorization middleware is done; then I can work on that as well.

Results

There is an expiry timestamp in localStorage; change it to a nearby time, wait until the time passes, and try to request anything in the UI; it will then route to the login page.
I have tested manually by modifying the expiry time in localStorage to mimic real-time expiration.
Kindly let me know if any error exists.

Fix #1620
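The kind of check described in this comment, sketched as an added example (not the code merged in this pull request). The storage key `oidc.user`, the `expires_at` field (assumed to be seconds since the epoch), the 30-second skew and the `/login` route are all assumptions; the in-memory storage stands in for `window.localStorage` so the block runs offline.

```javascript
// Added example: STORAGE_KEY, expires_at and "/login" are assumed names,
// not taken from the Terrakube code base.
const STORAGE_KEY = "oidc.user"; // hypothetical localStorage key
const SKEW_SECONDS = 30;         // treat tokens about to expire as expired

// Returns true when the stored session must not be used any more.
// Fails closed: a missing, malformed or non-numeric expiry counts as expired.
function isSessionExpired(storage, nowMs = Date.now()) {
  const raw = storage.getItem(STORAGE_KEY);
  if (raw === null) return true;
  let user;
  try {
    user = JSON.parse(raw);
  } catch {
    return true; // tampered or truncated entry
  }
  const expiresAt =
    user === null || typeof user !== "object" ? NaN : Number(user.expires_at);
  if (!Number.isFinite(expiresAt)) return true;
  return nowMs / 1000 >= expiresAt - SKEW_SECONDS;
}

// Call before each API request: drops the stale entry and sends the user to login.
function guardRequest(storage, redirect, nowMs = Date.now()) {
  if (!isSessionExpired(storage, nowMs)) return true;
  storage.removeItem(STORAGE_KEY);
  redirect("/login"); // hypothetical route
  return false;
}

// Minimal in-memory stand-in for window.localStorage (constructed for this example).
function makeStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => data.set(k, String(v)),
    removeItem: (k) => data.delete(k),
  };
}
```

A client-side check like this only decides when the UI shows the login page; the API still has to reject the expired token on each protected route.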

@alfespa17 (Member)

Thank you @Avinashs7.

I think it is working correctly. I tested in GITPOD, changing the DEX configuration and setting the token expiration to 2 minutes, and the UI is redirected to the login once the token expired.

Example changing the default DEX yaml in /scripts/setup/dex to something like this:

```yaml
issuer: https://5556-avinashs7-terrakube-plfesnm3bvg.ws-us118.gitpod.io/dex

storage:
  type: memory
web:
  http: 0.0.0.0:5556
  allowedOrigins: ['*']
expiry:
  deviceRequests: "2m"
  signingKeys: "2m"
  idTokens: "2m"
  refreshTokens:
    reuseInterval: "5s"
    validIfNotUsedFor: "5m"
    absoluteLifetime: "5m"
```

@alfespa17 changed the title from "Fixes 1620: UI directs to login page when the access token is expired" to "fix: UI directs to login page when the access token is expired" on Feb 27, 2025
@alfespa17 merged commit 1223a32 into AzBuilder:main on Feb 27, 2025
3 checks passed
@Avinashs7 (Contributor, Author)

@alfespa17 It works, but storing the whole user object as it is done now is not safe. So I believe only the tokens and trivial data should be stored.
It is for security purposes and reduces vulnerabilities. Let me know your thoughts regarding this.

@alfespa17 (Member)

> @alfespa17 It works, but storing the whole user object as it is done now is not safe. So I believe only the tokens and trivial data should be stored. It is for security purposes and reduces vulnerabilities. Let me know your thoughts regarding this.

If you have any suggestion, feel free to create an issue describing the problem and a possible solution.

@Avinashs7 (Contributor, Author)

@alfespa17 Sure, I will work on it in some time.

stanleyz pushed a commit to stanleyz/terrakube that referenced this pull request Mar 11, 2025
Successfully merging this pull request may close these issues.

UI doesn't redirect to login when session expires