Auth0 does not show the login window when logging in again after the token expires

Question  Votes: 0  Answers: 1

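I am using Auth0 and I have a problem: after a user's token expires and the user tries to log in again, it does not redirect the user to the login window at all, but simply logs the user in automatically when they click the login link.

If I log out manually and then log in again it works fine; it then asks for authentication again.

I tried removing everything about the user from localStorage, but that still does not fix it.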

export const expiredAtKey = 'expired_at';
export const uidKey = 'uid';
export const urlStateKey = 'urlState';

@Injectable()
export class Auth {
    auth0 = new auth0.WebAuth({
        clientID: environment.auth0ClientId,
        domain: environment.auth0Domain,
        responseType: 'token id_token',
        redirectUri: `${constants.ORIGIN_URL}/auth`,
        scope: 'openid email'
    });

    constructor(private router: Router,
                public dialog: MatDialog,
                private http: HttpClient) {
    }

    public handleAuthentication(): void {
        this.auth0.parseHash(this.handleAuthResult);
    }

    public login() {
        // I have tried to clear local storage every time the user calls login to prevent this from happening, but it still skips the login window
        this.clearLocalStorage();
        localStorage.setItem(urlStateKey, location.pathname);
        this.auth0.authorize();
    };

    public signUp(email, password, cb) {
        this.auth0.signupAndAuthorize({
            email: email,
            password: password,
            connection: environment.auth0Connection
        }, cb);
    }

    public authenticated() {
        const exp = localStorage.getItem(expiredAtKey);
        if (!exp) {
            return false;
        }
        // Reuse the value already read instead of hitting localStorage twice
        const expiresAt = JSON.parse(exp);
        return new Date().getTime() < expiresAt;
    };

    public logout() {
      this.clearLocalStorage();
      window.location.href = `https://${ environment.auth0Domain }/v2/logout?returnTo=${ constants.ORIGIN_URL }`;
    };

    public setSession(authResult): void {
        const idToken = jwtDecode(authResult.idToken);
        localStorage.setItem('idToken', authResult.idToken);
        localStorage.setItem(uidKey, idToken.email);
        localStorage.setItem('userId', idToken.sub);
        const expiresAt = JSON.stringify(idToken.exp * 1000);
        localStorage.setItem(expiredAtKey, expiresAt);
    }

    private handleAuthResult = (err, authResult) => {
        if (err) {
            if (!environment.production) {
                console.log(err);
            }
            if(err.errorDescription === "Please verify your email before logging in."){
                this.dialog.open(
                    ErrorDialogComponent,
                    { data: "Please verify your email before logging in."}
                );
                this.router.navigate(['/initiatives'])
            }else{
                this.dialog.open(
                    ErrorDialogComponent,
                    { data: "An error occurred while trying to authenticate. Please ensure private browsing is disabled and try again."}
                );
                this.router.navigate(['/initiatives'])
            }
        } else if (authResult && authResult.idToken && authResult.idToken !== 'undefined') { 
            this.setSession(authResult);
            const path = localStorage.getItem(urlStateKey);
            this.router.navigateByUrl(path);
        }
    };

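    clearLocalStorage() {
        localStorage.removeItem(expiredAtKey);
        localStorage.removeItem(uidKey);
        localStorage.removeItem(urlStateKey);
        localStorage.removeItem('userId');
        // setSession() also stores the raw ID token; remove it as well
        localStorage.removeItem('idToken');
    }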
}

I want the user to have to authenticate again after the token expires.

auth0
1 Answer
0
votes

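This happens because an SSO cookie is set on the server to maintain the session. To clear the server-side session, you need to redirect the user to the /logout endpoint when the token expires. The logout method does exactly that. https://auth0.com/docs/sso/current/single-page-apps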
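
Added example, not part of the original answer or of Auth0's own code: one way to do what the answer describes, treating an expired or unreadable `expired_at` as the signal to clear the local keys and send the browser to `/v2/logout`, so the SSO cookie is cleared as well. The function names, the `memoryStorage` stand-in and the hosts and client ID used with it are assumptions for illustration; `client_id` and `returnTo` are the logout endpoint's query parameters.

```javascript
// Added example. Keys match the question's code; everything else is illustrative.
const SESSION_KEYS = ['expired_at', 'uid', 'urlState', 'userId', 'idToken'];

// Constructed stand-in for window.localStorage so the logic runs outside a browser.
function memoryStorage(initial = {}) {
    const items = new Map(Object.entries(initial));
    return {
        getItem: (key) => (items.has(key) ? items.get(key) : null),
        removeItem: (key) => { items.delete(key); },
    };
}

// returnTo must be one of the application's Allowed Logout URLs in Auth0;
// URLSearchParams percent-encodes it.
function buildLogoutUrl(domain, clientId, returnTo) {
    const params = new URLSearchParams({ client_id: clientId, returnTo });
    return `https://${domain}/v2/logout?${params}`;
}

// 'none': no local session. 'valid': not yet expired.
// 'expired': past expiry, or the stored value is unreadable (fail closed).
function sessionState(storage, nowMs) {
    const raw = storage.getItem('expired_at');
    if (raw === null) return 'none';
    const expiresAt = Number(raw);
    if (!Number.isFinite(expiresAt)) return 'expired';
    return nowMs < expiresAt ? 'valid' : 'expired';
}

// Run at app start and before protected routes. In the browser pass
// storage: localStorage, nowMs: Date.now(),
// redirect: (url) => window.location.assign(url).
function enforceExpiry({ storage, nowMs, domain, clientId, returnTo, redirect }) {
    const state = sessionState(storage, nowMs);
    if (state === 'expired') {
        // Drop local tokens first, then end the Auth0 session (SSO cookie).
        SESSION_KEYS.forEach((key) => storage.removeItem(key));
        redirect(buildLogoutUrl(domain, clientId, returnTo));
    }
    return state;
}
```

A user with no local session at all is left alone (`'none'`), so the normal login link still works without a detour through logout.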
