Vue-storefront: User token is not refreshed with autoRefreshTokens when invalidated by Magento backend

Created on 27 Jun 2019 · 9Comments · Source: DivanteLtd/vue-storefront

Current behavior

When user token is invalidated by Magento backend, refresh logic is not working in /core/lib/sync/task.ts

The error returned by Magento is:
{"code":500,"result":"The consumer isn't authorized to access self."}

The check if token is invalidated looks like:
resultString.indexOf('not authorized')) >= 0

So now it is not passed as 'not authorized' !== ' isn't authorized'

Expected behavior

If user token is invalid and autoRefreshTokens === true, user token should be refreshed

Steps to reproduce the issue

1) Create user account
2) Wait timeout to user token invalidated on Magento Backend
3) Reload application home page

Repository

Can you handle fixing this bug by yourself?

[+] YES
[ ] NO

Which Release Cycle state this refers to? Info for developer.

Pick one option.

[ ] This is a bug report for test version on https://test.storefrontcloud.io - In this case Developer should create branch from develop branch and create Pull Request 2. Feature / Improvement back to develop.
[ ] This is a bug report for current Release Candidate version on https://next.storefrontcloud.io - In this case Developer should create branch from release branch and create Pull Request 3. Stabilisation fix back to release.
[ +] This is a bug report for current Stable version on https://demo.storefrontcloud.io and should be placed in next stable version hotfix - In this case Developer should create branch from hotfix or master branch and create Pull Request 4. Hotfix back to hotfix.

Environment details

Browser: Chrome Version 75.0.3770.100
OS: MacOS 10.13.6
Node: 11.3.0
Code Version: master

Additional information

Medium complexity QA approved after merge bug vs-hackathon

Source

nikblack

All 9 comments

pkarw on 6 Jul 2019

@patzick after refreshing the page, the user is logged out. Please fix it :)

alinadivante on 8 Aug 2019

@alinadivante are you usune the most current vsapi? It could have not yet been fixed to demo instance: I mean the fix for http status codes which is related to that one

pkarw on 8 Aug 2019

Fixed with #3342 :) please retest

patzick on 8 Aug 2019

@patzick ! We forgot about this PR https://github.com/DivanteLtd/vue-storefront/pull/3271
and this one resolves problem, which I mentioned here #3237

When I change manually token in dev console (shop/user/current-token) and open again my account and refresh page - there is info "Consumer is not authorized to access self" but user is still logged in.

and it resolves also this issue: #3343 :)

I think #3271 should be merged to release/v.1.10

alinadivante on 8 Aug 2019

@alinadivante closed in #3345, ported this fix from 1.11
please retest :)

patzick on 9 Aug 2019

❤1

ok, for now it is okay, but sometimes, when user opens the page using URL, than "Consumer is not authorized to access self" message appears (user is still logged in). We should improve this in v1.11

alinadivante on 9 Aug 2019

👍1

Hey, this has definitely not been fixed.
Once the token expires it never gets refreshed.
"Consumer is not authorized to access self" on each and every refresh after that