User token is not refreshed with autoRefreshTokens when invalidated by Magento backend

[nikblack]

Current behavior

When user token is invalidated by Magento backend, refresh logic is not working in /core/lib/sync/task.ts

The error returned by Magento is:
{"code":500,"result":"The consumer isn't authorized to access self."}

The check if token is invalidated looks like:
resultString.indexOf('not authorized')) >= 0

So now it is not passed as 'not authorized' !== ' isn't authorized'

Expected behavior

If user token is invalid and autoRefreshTokens === true, user token should be refreshed

Steps to reproduce the issue

1. Create user account
2. Wait timeout to user token invalidated on Magento Backend
3. Reload application home page

Repository

Can you handle fixing this bug by yourself?

• [+] YES
• NO

Which Release Cycle state this refers to? Info for developer.

Pick one option.

• This is a bug report for test version on https://test.storefrontcloud.io - In this case Developer should create branch from develop branch and create Pull Request 2. Feature / Improvement back to develop.
• This is a bug report for current Release Candidate version on https://next.storefrontcloud.io - In this case Developer should create branch from release branch and create Pull Request 3. Stabilisation fix back to release.
• [ +] This is a bug report for current Stable version on https://demo.storefrontcloud.io and should be placed in next stable version hotfix - In this case Developer should create branch from hotfix or master branch and create Pull Request 4. Hotfix back to hotfix.

Environment details

• Browser: Chrome Version 75.0.3770.100
• OS: MacOS 10.13.6
• Node: 11.3.0
• Code Version: master

Additional information

[pkarw]

Related: vuestorefront/vue-storefront-api#297

[alinadivante]

@patzick after refreshing the page, the user is logged out. Please fix it :)

[pkarw]

@alinadivante are you usune the most current vsapi? It could have not yet been fixed to demo instance: I mean the fix for http status codes which is related to that one

[patzick]

Fixed with #3342 :) please retest

[alinadivante]

@patzick ! We forgot about this PR #3271
and this one resolves problem, which I mentioned here #3237

When I change manually token in dev console (shop/user/current-token) and open again my account and refresh page - there is info "Consumer is not authorized to access self" but user is still logged in.

and it resolves also this issue: #3343 :)

I think #3271 should be merged to release/v.1.10

[patzick]

@alinadivante closed in #3345, ported this fix from 1.11
please retest :)

[alinadivante]

ok, for now it is okay, but sometimes, when user opens the page using URL, than "Consumer is not authorized to access self" message appears (user is still logged in). We should improve this in v1.11

[undefinederror]

Hey, this has definitely not been fixed.
Once the token expires it never gets refreshed.
"Consumer is not authorized to access self" on each and every refresh after that

[undefinederror]

oooooo I see...
It has been fixed in vuestorefront/magento2-rest-client@fb5adcb

I had to upgrade that dependency