You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When an authorized user clicks on a single news item link from the frontpage, they are being redirected to /show instead of /editable.
The useAuthorization hook that checks for the user roles via fetchUserInfo in a useEffect, which runs after the RoleRedirect component has been rendered. By this time, the user is already directed to the /show route.
We need to define a way to capture the state where:
Logto is not loading
User is authenticated
User's authorization is not yet determined
Details
When redirecting a user, there are 3 cases we are concerned with:
LOADING
UNAUTHORIZED
AUTHORIZED
Currently we are deriving these cases from useLogtos isLoading, and an isAuthorized state variable that we define and set after the user's roles are fetched (fetchUserInfo) and checked against the allowed roles.
We assume a user is
LOADING when Logto isLoading: true
UNAUTHORIZED when Logto isLoading: false AND isAuthorized: false
AUTHORIZED when Logto isLoading: false AND isAuthorized: true
However, there is a condition when isLoading: false and isAuthorized: false only because fetchUserInfo has not been called yet.
The user is assumed to be UNAUTHORIZED when their actual authorization has yet to be determined.
Solution
Rename isAuthorized to hasRoleMatch
Introduce a new state variable hasCheckedRoles which can be used to help check if a user's authorization has definitively been determined.
Set hasCheckedRoles to true after fetchUserInfo has been called and the role check has been performed.
Resolve the various states variables into 3 outcomes, LOADING/UNAUTHORIZED/AUTHORIZED, according to the chart below.
Return the outcomes from the hook.
Use these outcome values to determine what to render / where to redirect the user in the RoleRedirect component.
flowchart TD
A{Logto isLoading}
B{isAuthenticated}
C{hasCheckedRoles}
D{hasRoleMatch}
L1[LOADING]
L2[LOADING]
UA1[UNAUTHORIZED]
UA2[UNAUTHORIZED]
A -->|Y|L1
A -->|N|B
B -->|N|UA1
B -->|Y|C
C -->|N|L2
C -->|Y|D
D -->|Y|AUTHORIZED
D -->|N|UA2
classDef new stroke:#0f0,fill:#d0f5d0,color:#000
class C,L2 new
linkStyle 4 stroke:#0f0
Loading
The text was updated successfully, but these errors were encountered:
Using a self-defined loading state instead of Logto's loading state to
indicate whether the user's role check has been completed. Previously
relying on Logto's loading state to determine whether the user's role
has been checked was incorrect.
Fixes#817
Table of Contents
Issue Summary
When an authorized user clicks on a single news item link from the frontpage, they are being redirected to /show instead of /editable.
The
useAuthorization
hook that checks for the user roles viafetchUserInfo
in auseEffect
, which runs after theRoleRedirect
component has been rendered. By this time, the user is already directed to the/show
route.We need to define a way to capture the state where:
authenticated
Details
When redirecting a user, there are 3 cases we are concerned with:
Currently we are deriving these cases from
useLogto
sisLoading
, and anisAuthorized
state variable that we define and set after the user's roles are fetched (fetchUserInfo
) and checked against the allowed roles.We assume a user is
However, there is a condition when
isLoading: false
andisAuthorized: false
only becausefetchUserInfo
has not been called yet.The user is assumed to be UNAUTHORIZED when their actual authorization has yet to be determined.
Solution
isAuthorized
tohasRoleMatch
hasCheckedRoles
which can be used to help check if a user's authorization has definitively been determined.hasCheckedRoles
to true afterfetchUserInfo
has been called and the role check has been performed.RoleRedirect
component.The text was updated successfully, but these errors were encountered: