Feat/new auth workflow#248
Conversation
Do not redirect on failure to renew session, instead show a modal. Allow login via pop-up. Fix flow also for embed mode.
- handleAuthError now checks userContextReady before deciding between the session expired modal (mid-session failure) and the access denied page (startup/login failure). Cleans up the anonymous-route fall-through that was triggering the modal during initial load or callback processing. - accessDenied page shows "Error signing in" with an appropriate hint when reached via reason=loginError (startup failures); retains the existing "Not logged in" copy for session-expiry navigations. - SessionExpiredModal redirects to home after a successful reconnect if the current route is a transient auth page (login, oidcCallback, etc.) - Logo on accessDenied, oidcCallback and SessionExpiredModal is wrapped in a router-link to home.
|
Reviewed PR 248. Popup reconnect, session-expired modal UX, and startup vs mid-session error routing look solid. Three issues should be fixed before merge:
reloadUserFromStorage() is implemented on AuthService but not declared on AuthServiceInterface. SessionExpiredModal calls it via useAuthService(), which breaks vue-tsc (TS2339). login.vue is unaffected because it uses the concrete authService import.
handleAuthError(route) accepts one argument. Resolve.vue calls handleAuthError(route, { forceLogout: true }). The second argument is not part of the signature and is ignored; forceLogout is not implemented. This fails TypeScript (TS2554) in the typed web-app-webfinger package build.
Both use Promise.race([popupLogin, coopFallback]) with a catch that runs as soon as the popup promise rejects (blocked, dismissed, or other failure). That path closes the BroadcastChannel and sets popup-blocked UI (modal) or abandons login navigation. A COOP fallback complete message that arrives afterward has no listener, so a successful popup callback on the COOP path cannot recover the opener. Users can see a false "popup blocked" state or fail to reconnect even when auth completed in the popup window. |
- Introduced `loginWithPopupCoopFallback` helper to manage popup login with a BroadcastChannel fallback for COOP scenarios. - Updated `SessionExpiredModal` and `login` page to utilize the new helper, simplifying the handling of popup authentication. - Removed redundant BroadcastChannel logic from both components. - Added tests for the new helper to ensure proper functionality and error handling.
3 participants
Attempt to change the auth workflow so that users are no longer redirected from the current page, they see a modal box saying that they are disconnected.
This is to ensure we stop losing any context due to redirections.
When disconnected, users are able to re-login via a pop-up. This should unblock all open tabs.
Its worked started on the first iteration from Rodrigo to bring pop-up auth for when web gets embedded (future implementation of the file picker).