3

I set up ember simple auth using oauth2 authentication/Bearer authorization with an express server. The flow works as intended: access/refresh tokens are issued and refreshed on schedule. When the user logs out, the tokens are revoked on the server and the session is invalidated. Now in the instance that I manually deleted the refresh token on the server, ember will log 'The authenticator "authenticator:oauth2" rejected to restore the session - invalidating…' in the console the next time it requests a refresh. At this point, if I try to reload the page, the session is invalidated and I will then be redirected to the login page.

I would like to invalidate the session/log user out as soon as the token refresh fails, without having to first refresh the page. I thought this was the normal behavior, but I must be wrong/missing something.

Alex Aloia

1 Answer

3

ember-simple-auth doesn't know your session is invalid unless you say so. Depending on how you're requesting refresh tokens, you should either:

  • call session.invalidate() on failed refresh
  • if you're refreshing via an authenticator hook somehow (restore, authenticate, invalidate), return a rejected promise

That will tell ember-simple-auth to redirect to its configured login route.

Note: ember-simple-auth does react to changes to its browser-side session store. That's probably what you're thinking of.

nucleartide
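The first option in the answer above, as an added example that is not part of the original answer or of ember-simple-auth's own code: a refresh helper that calls session.invalidate() as soon as the token endpoint rejects the refresh token. It goes slightly beyond the answer by keeping the session on a network failure, since no response is not evidence of revocation. Assumptions: `refreshOrInvalidate`, `requestTokens` and the stand-in endpoints are hypothetical names, and `session` is any object exposing `invalidate()`.

```javascript
// Added example, not ember-simple-auth source. `requestTokens` is a
// hypothetical function that POSTs the refresh_token grant and resolves to
// { ok, status, body }; `session` only needs an invalidate() method.

// Statuses a token endpoint uses to refuse the grant itself
// (RFC 6749 section 5.2: 400 invalid_grant, 401 invalid_client).
const REJECTED = new Set([400, 401]);

async function refreshOrInvalidate(session, requestTokens, refreshToken) {
  let response;
  try {
    response = await requestTokens(refreshToken);
  } catch (networkError) {
    // No answer from the server: keep the session and let the caller retry.
    return { outcome: 'retry' };
  }
  if (response.ok) {
    return { outcome: 'refreshed', tokens: response.body };
  }
  if (REJECTED.has(response.status)) {
    // The server refused the refresh token (revoked, expired or deleted).
    // Invalidate now instead of waiting for the next page load.
    await session.invalidate();
    return { outcome: 'invalidated', error: response.body && response.body.error };
  }
  return { outcome: 'retry' }; // e.g. 5xx: server trouble, not a rejection
}

// Constructed stand-ins so the example runs outside an Ember app.
function makeSession() {
  return { isAuthenticated: true, async invalidate() { this.isAuthenticated = false; } };
}
const revoked = async () => ({ ok: false, status: 400, body: { error: 'invalid_grant' } });
const healthy = async () => ({ ok: true, status: 200, body: { access_token: 'constructed-token', expires_in: 3600 } });
const offline = async () => { throw new Error('network down'); };

async function demo() {
  const results = {};
  for (const [name, endpoint] of Object.entries({ revoked, healthy, offline })) {
    const session = makeSession();
    const { outcome } = await refreshOrInvalidate(session, endpoint, 'constructed-refresh-token');
    results[name] = { outcome, isAuthenticated: session.isAuthenticated };
  }
  return results;
}
```

In an Ember app the `session` argument would be the injected session service; only the revoked case ends the session.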