Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Google refreshAuthToken() doesn't refresh idToken #745

Open
andrei-lifchits opened this issue Dec 18, 2023 · 1 comment
Open

Google refreshAuthToken() doesn't refresh idToken #745

andrei-lifchits opened this issue Dec 18, 2023 · 1 comment

Comments

@andrei-lifchits
Copy link

I'm seeing this behaviour in both my code using this library and in the demo app provided in this repository: when calling refreshAuthToken(), the subscriber to the authState receives a new SocialUser object, but the idToken inside the new user object stays the same. Because this idToken expires after 1 hour, and refreshAuthToken() does not actually fetch a new idToken, my backend rejects the JWT as expired. Looking at the library code, I see that all it does in refreshAuthToken() is call the .revoke endpoint on Google, which doesn't sound like an action that would lead to refreshing of any tokens. Am I missing something here?

@lwestfall
Copy link

I'm going to attempt a PR on this this week. There's quite a few issues with the google provider that make it borderline unusable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants