I set up ember simple auth using oauth2 authentication/ Bearer authorization with an express server. The flow works as intended: access/refresh tokens are issued and refreshed on schedule. When the user logs out, the tokens are revoked on the server and the session is invalidated. Now in the instance that I manually deleted the refresh token on the server, ember will log 'The authenticator "authenticator:oauth2" rejected to restore the session - invalidating…' in the console the next time it requests a refresh. At this point, if I try to reload the page, the session is invalidated and I will then be redirected to the login page.
I would like to invalidate the session/log user out as soon as the token refresh fails, without having to first refresh the page. I thought this was the normal behavior, but I must be wrong/missing something.
Aucun commentaire:
Enregistrer un commentaire