Skip to content

Blazor WASM AuthorizationMessageHandler caches AccessToken even after user has changed #35888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
audacity76 opened this issue Aug 28, 2021 · 0 comments · Fixed by #36358
Closed

Blazor WASM AuthorizationMessageHandler caches AccessToken even after user has changed #35888

audacity76 opened this issue Aug 28, 2021 · 0 comments · Fixed by #36358
Assignees
@TanayParikh
Labels
area-blazor Includes: Blazor, Razor Components bug This issue describes a behavior which is not expected - a bug. Done This issue has been fixed
Milestone
6.0-rc2

Comments

@audacity76
Copy link

Describe the bug

The Blazor WASM AuthorizationMessageHandler stores the last AccessToken and will update it only if the AccessToken will expire in less than 5 minutes. If the user changes in between the old access token will still be used. Related code:

aspnetcore/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs

Line 53 in 6e0fd83

if (_lastToken == null || now >= _lastToken.Expires.AddMinutes(-5))

The AuthorizationMessageHandler should react to the AuthenticationStateChanged of the AuthenticationStateProvider and remove the last cached token.

To Reproduce

Log in to a Blazor WASM application that uses the AuthorizationMessageHandler , log out and log in with another user. The access token from the first user will be used.

Further technical details

  • All Blazor WASM versions
@blowdart blowdart added the area-blazor Includes: Blazor, Razor Components label Aug 28, 2021
@mkArtakMSFT mkArtakMSFT added this to the 6.0-rc2 milestone Aug 30, 2021
@ghost ghost added the Working label Sep 1, 2021
@TanayParikh TanayParikh mentioned this issue Sep 10, 2021
Merged
@ghost ghost added Done This issue has been fixed and removed Working labels Sep 10, 2021
@mkArtakMSFT mkArtakMSFT added bug This issue describes a behavior which is not expected - a bug. and removed investigate labels Sep 13, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Nov 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@TanayParikh TanayParikh

Labels
area-blazor Includes: Blazor, Razor Components bug This issue describes a behavior which is not expected - a bug. Done This issue has been fixed
Projects
None yet
Milestone
6.0-rc2
Development

Successfully merging a pull request may close this issue.

Invalidate Cached WASM Auth Token on Authentication State Change dotnet/aspnetcore
4 participants
@blowdart @audacity76 @TanayParikh @mkArtakMSFT