fix[okta-react]: Fixes login_required error (#302)

The TokenManager throws an error when tries to renew a token but Okta session is expired. The SDK should capture that error in the getAccessToken and getIdToken functions and return undefined instead. In this way, also the isAuthenticated function will return false, so the router can correctly redirect to a new login.
okta · Sep 21, 2018 · dbfb7de · dbfb7de
1 parent eb33a6b
commit dbfb7de
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 7 deletions.
diff --git a/packages/okta-react/src/Auth.js b/packages/okta-react/src/Auth.js
@@ -71,13 +71,27 @@ export default class Auth {
   }
 
   async getIdToken() {
-    const idToken = await this._oktaAuth.tokenManager.get('idToken');
-    return idToken ? idToken.idToken : undefined;
+    try {
+      const idToken = await this._oktaAuth.tokenManager.get('idToken');
+      return idToken.idToken;
+    } catch (err) {
+      // The user no longer has an existing SSO session in the browser.
+      // (OIDC error `login_required`)
+      // Ask the user to authenticate again.
+      return undefined;
+    }
   }
 
   async getAccessToken() {
-    const accessToken = await this._oktaAuth.tokenManager.get('accessToken');
-    return accessToken ? accessToken.accessToken : undefined;
+    try {
+      const accessToken = await this._oktaAuth.tokenManager.get('accessToken');
+      return accessToken.accessToken;
+    } catch (err) {
+      // The user no longer has an existing SSO session in the browser.
+      // (OIDC error `login_required`)
+      // Ask the user to authenticate again.
+      return undefined;
+    }
   }
 
   async login(fromUri, additionalParams) {

diff --git a/packages/okta-react/test/jest/auth.test.js b/packages/okta-react/test/jest/auth.test.js
@@ -38,11 +38,24 @@ const mockAuthJsInstance = {
   }
 };
 
-AuthJS.mockImplementation(() => {
-  return mockAuthJsInstance
-});
+const mockAuthJsInstanceWithError = {
+  userAgent: 'okta-auth-js',
+  tokenManager: {
+    get: jest.fn().mockImplementation(() => {
+      throw new Error();
+    })
+  },
+  token: {
+    getWithRedirect: jest.fn()
+  }
+};
 
 describe('Auth component', () => {
+  beforeEach(() => {
+    AuthJS.mockImplementation(() => {
+      return mockAuthJsInstance
+    });
+  });
   test('sets the right user agent on AuthJS', () => {
     const auth = new Auth({
       issuer: 'https://foo/oauth2/default'
@@ -122,4 +135,22 @@ describe('Auth component', () => {
       foo: 'bar'
     });
   });
+  test('isAuthenticated() returns true when the TokenManager returns an access token', async () => {
+    const auth = new Auth({
+      issuer: 'https://foo/oauth2/default'
+    });
+    const authenticated = await auth.isAuthenticated();
+    expect(mockAuthJsInstance.tokenManager.get).toHaveBeenCalledWith('accessToken');
+    expect(authenticated).toBeTruthy();
+  });
+  test('isAuthenticated() returns false when the TokenManager does not return an access token', async () => {
+    AuthJS.mockImplementation(() => {
+      return mockAuthJsInstanceWithError
+    });
+    const auth = new Auth({
+      issuer: 'https://foo/oauth2/default'
+    });
+    const authenticated = await auth.isAuthenticated();
+    expect(authenticated).toBeFalsy();
+  });
 });