fix: Detect and clear stale IndexedDB auth tokens on mobile (#188) #190

Closed
opened 2026-02-15 03:45:40 +00:00 by egullickson · 0 comments
Owner

Relates to #188

## Summary

Fix stale token detection in TokenInjector so that expired IndexedDB tokens don't cause `isAuthenticated` to be incorrectly `true`, which prevents `loginWithRedirect()` from being called.

## Problem

Auth0 SDK reads expired tokens from IndexedDB cache and temporarily evaluates `isAuthenticated = true`. When user taps "Login", `handleAuthAction()` sees `isAuthenticated = true` and calls `navigate('/garage')` instead of `loginWithRedirect()`. Tokens fail validation, `isAuthenticated` reverts to `false`, and user bounces back to homepage.

## Changes

- **File**: `frontend/src/core/auth/Auth0Provider.tsx`
  - After `isAuthenticated` becomes `true`, validate token is usable via `getAccessTokenSilently({ cacheMode: 'off' })`
  - If validation fails with `login_required` or `consent_required`, clear IndexedDB cache and reset Auth0 SDK state
- **File**: `frontend/src/core/utils/indexeddb-storage.ts`
  - Add `clearAll()` method to clear all cached auth tokens programmatically

## Acceptance Criteria

- [ ] Stale tokens are detected and cleared automatically
- [ ] After clearing, `isAuthenticated` correctly reports `false`
- [ ] User can then tap Login and reach Auth0 login page
egullickson added the status in-progress, type bug labels 2026-02-15 03:45:52 +00:00
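
The validation step listed under Changes, as an added JavaScript example that is not the project's own code. `MemoryTokenStore`, `resetSdk`, `runScenario` and the fake client are constructed for illustration (only `clearAll()`, `getAccessTokenSilently({ cacheMode: 'off' })` and the two error codes come from the issue), and leaving the cache untouched on any other error is an assumption:

```javascript
// Auth0 error codes the issue treats as "cached session is stale".
const STALE_ERRORS = new Set(['login_required', 'consent_required']);

// Constructed in-memory stand-in for the IndexedDB token cache (assumption);
// only the clearAll() name comes from the issue.
class MemoryTokenStore {
  constructor(entries) { this.map = new Map(Object.entries(entries)); }
  get size() { return this.map.size; }
  async clearAll() { this.map.clear(); }
}

function isStaleSessionError(err) {
  return Boolean(err) && STALE_ERRORS.has(err.error);
}

// Run once isAuthenticated flips to true. Resolves to 'valid', 'cleared' or 'retry'.
async function validateCachedSession({ getAccessTokenSilently, store, resetSdk }) {
  try {
    // cacheMode: 'off' skips the local cache, so an expired cached token cannot pass.
    await getAccessTokenSilently({ cacheMode: 'off' });
    return 'valid';
  } catch (err) {
    // Assumption: any other failure (e.g. offline) leaves the cache alone.
    if (!isStaleSessionError(err)) return 'retry';
    await store.clearAll();
    await resetSdk(); // hypothetical hook for "reset Auth0 SDK state"
    return 'cleared';
  }
}

// Constructed scenario: the fake client rejects with errorCode, or succeeds when it is null.
async function runScenario(errorCode) {
  const store = new MemoryTokenStore({ access_token: 'expired', id_token: 'expired' });
  let resets = 0;
  const getAccessTokenSilently = async () => {
    if (errorCode) throw Object.assign(new Error(errorCode), { error: errorCode });
    return 'fresh-token';
  };
  const outcome = await validateCachedSession({
    getAccessTokenSilently, store, resetSdk: async () => { resets += 1; },
  });
  return { outcome, remaining: store.size, resets };
}
```

Distinguishing `'retry'` from `'cleared'` keeps a transient network failure on mobile from wiping a session that is still valid.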
Reference: egullickson/motovaultpro#190