dancefinder/dancefinder-app
5
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Activity

fix(apollo): logout on stale Auth0 token errors #2887

Merged
argoyle merged 1 commits from fix/logout-on-stale-auth into main 2026-05-05 17:37:01 +00:00
Conversation 0 Commits 1 Files Changed 1
+13 -1
argoyle commented 2026-05-05 17:30:42 +00:00
Owner
Copy Link
Copy Source

Summary

  • When getAccessTokenSilently rejects with login_required, invalid_grant, missing_refresh_token, consent_required, or interaction_required, call auth0.logout({ openUrl: false })
  • Keeps the UI honest: previously the app showed the user as logged in while every authenticated query silently failed, until they manually logged out and back in

Why

Paired with the backend change to make Origins tolerate missing subjects, this prevents the misleading "logged in but nothing works" state seen on mobile cold starts.

Test plan

  • npm run lint
  • Verify on phone: stale auth flips UI to logged-out instead of looking logged-in with empty events
## Summary - When `getAccessTokenSilently` rejects with `login_required`, `invalid_grant`, `missing_refresh_token`, `consent_required`, or `interaction_required`, call `auth0.logout({ openUrl: false })` - Keeps the UI honest: previously the app showed the user as logged in while every authenticated query silently failed, until they manually logged out and back in ## Why Paired with the backend change to make `Origins` tolerate missing subjects, this prevents the misleading "logged in but nothing works" state seen on mobile cold starts. ## Test plan - [x] `npm run lint` - [ ] Verify on phone: stale auth flips UI to logged-out instead of looking logged-in with empty events
argoyle added 1 commit 2026-05-05 17:30:43 +00:00
fix(apollo): logout on stale Auth0 token errors
dancefinder-app / build (pull_request) Successful in 2m57s
Details
dancefinder-app / deploy-prod (pull_request) Has been skipped
Details
00d6c08db2 
When getAccessTokenSilently fails with login_required, invalid_grant,
missing_refresh_token, consent_required or interaction_required, log
the user out (without redirect) so the UI reflects reality instead of
appearing logged in while every authenticated query silently fails.
argoyle scheduled this pull request to auto merge when all checks succeed 2026-05-05 17:31:33 +00:00
argoyle merged commit 189e35acf8 into main 2026-05-05 17:37:01 +00:00
argoyle deleted branch fix/logout-on-stale-auth 2026-05-05 17:37:02 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
javascript
security
Pull requests that address a security vulnerability
 severity:critical
severity:high
severity:low
severity:moderate
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dancefinder/dancefinder-app#2887
Delete Branch "fix/logout-on-stale-auth"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?