From b76ac67a4a573963086d5ec32c674c309256a573 Mon Sep 17 00:00:00 2001 From: cazo <79615454+Cassolette@users.noreply.github.com> Date: Wed, 11 Mar 2026 11:05:21 +0000 Subject: [PATCH 1/3] fix: let IDP decide auth workflow on access token renew failure --- .../web-pkg/src/composables/authContext/useAuthService.ts | 2 +- packages/web-runtime/src/services/auth/authService.ts | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/web-pkg/src/composables/authContext/useAuthService.ts b/packages/web-pkg/src/composables/authContext/useAuthService.ts index 224533ce49..098e6eef89 100644 --- a/packages/web-pkg/src/composables/authContext/useAuthService.ts +++ b/packages/web-pkg/src/composables/authContext/useAuthService.ts @@ -2,7 +2,7 @@ import { useService } from '../service' import { NavigationFailure } from 'vue-router' export interface AuthServiceInterface { - handleAuthError(route: any, options?: { forceLogout?: boolean }): any + handleAuthError(route: any, options?: { forceSignin?: boolean }): any signinSilent(): Promise logoutUser(): Promise getRefreshToken(): Promise diff --git a/packages/web-runtime/src/services/auth/authService.ts b/packages/web-runtime/src/services/auth/authService.ts index 0d89a14965..ab986d6fa9 100644 --- a/packages/web-runtime/src/services/auth/authService.ts +++ b/packages/web-runtime/src/services/auth/authService.ts @@ -143,7 +143,7 @@ export class AuthService implements AuthServiceInterface { this.userManager.events.addAccessTokenExpired((): void => { const handleExpirationError = () => { console.error('AccessToken Expired') - this.handleAuthError(unref(this.router.currentRoute), { forceLogout: true }) + this.handleAuthError(unref(this.router.currentRoute), { forceSignin: true }) } // retry silent signin once, force logout if it fails @@ -297,7 +297,7 @@ export class AuthService implements AuthServiceInterface { public async handleAuthError( route: RouteLocation, - { forceLogout = false }: { forceLogout?: boolean } = {} + { forceSignin = false }: { forceSignin?: boolean } = {} ) { if (isPublicLinkContextRequired(this.router, route)) { const token = extractPublicLinkToken(route) @@ -309,9 +309,9 @@ export class AuthService implements AuthServiceInterface { }) } if (isUserContextRequired(this.router, route) || isIdpContextRequired(this.router, route)) { - if (forceLogout) { + if (forceSignin) { this.tokenTimerWorker?.resetTokenTimer() - await this.logoutUser() + await this.loginUser(route.fullPath) return } From 0794e81f04b525a83ff68ca95a535ceb6c80706f Mon Sep 17 00:00:00 2001 From: cazo <79615454+Cassolette@users.noreply.github.com> Date: Wed, 11 Mar 2026 12:18:13 +0000 Subject: [PATCH 2/3] fix: make better attempts at access token refresh while offline --- .../src/services/auth/authService.ts | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/packages/web-runtime/src/services/auth/authService.ts b/packages/web-runtime/src/services/auth/authService.ts index ab986d6fa9..a90f6261a1 100644 --- a/packages/web-runtime/src/services/auth/authService.ts +++ b/packages/web-runtime/src/services/auth/authService.ts @@ -146,8 +146,25 @@ export class AuthService implements AuthServiceInterface { this.handleAuthError(unref(this.router.currentRoute), { forceSignin: true }) } - // retry silent signin once, force logout if it fails - this.userManager.signinSilent().catch(handleExpirationError) + // attempt silent signin in a retry loop. on network error, we retry every 2s up to 10 + // times (20s). beyond or for any other error, we fallback to idp sign in. + const signinWithNetworkRetry = async (retriesLeft: number) => { + try { + await this.userManager.signinSilent() + } catch (error) { + const isDueToNetworkError = + error instanceof TypeError && error.message.toLowerCase().includes('fetch') + if (isDueToNetworkError && retriesLeft > 0) { + console.debug(`signinSilent failed due to network error, retrying (${retriesLeft})`) + await new Promise((resolve) => setTimeout(resolve, 2000)) + return signinWithNetworkRetry(retriesLeft - 1) + } + + handleExpirationError() + } + } + + signinWithNetworkRetry(10) }) this.userManager.events.addAccessTokenExpiring(() => { From 2edd589966c64dec9e0c7453023076fca58ff5d6 Mon Sep 17 00:00:00 2001 From: cazo <79615454+Cassolette@users.noreply.github.com> Date: Thu, 12 Mar 2026 00:28:27 +0800 Subject: [PATCH 3/3] don't use browser specific exception msg --- packages/web-runtime/src/services/auth/authService.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/web-runtime/src/services/auth/authService.ts b/packages/web-runtime/src/services/auth/authService.ts index a90f6261a1..c9511ea75f 100644 --- a/packages/web-runtime/src/services/auth/authService.ts +++ b/packages/web-runtime/src/services/auth/authService.ts @@ -152,8 +152,7 @@ export class AuthService implements AuthServiceInterface { try { await this.userManager.signinSilent() } catch (error) { - const isDueToNetworkError = - error instanceof TypeError && error.message.toLowerCase().includes('fetch') + const isDueToNetworkError = error instanceof TypeError if (isDueToNetworkError && retriesLeft > 0) { console.debug(`signinSilent failed due to network error, retrying (${retriesLeft})`) await new Promise((resolve) => setTimeout(resolve, 2000))