Skip to content

Blazor WASM AuthorizationMessageHandler caches AccessToken even after user has changed #35888

New issue
New issue
Closed
#36358
Closed
Blazor WASM AuthorizationMessageHandler caches AccessToken even after user has changed#35888
#36358
Assignees
TanayParikh
Labels
DoneThis issue has been fixedarea-blazorIncludes: Blazor, Razor ComponentsbugThis issue describes a behavior which is not expected - a bug.
Milestone
 
6.0-rc2
@audacity76

Description

@audacity76
audacity76
opened on Aug 28, 2021

Describe the bug

The Blazor WASM AuthorizationMessageHandler stores the last AccessToken and will update it only if the AccessToken will expire in less than 5 minutes. If the user changes in between the old access token will still be used. Related code:

aspnetcore/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs

Line 53 in 6e0fd83

if (_lastToken == null || now >= _lastToken.Expires.AddMinutes(-5))

The AuthorizationMessageHandler should react to the AuthenticationStateChanged of the AuthenticationStateProvider and remove the last cached token.

To Reproduce

Log in to a Blazor WASM application that uses the AuthorizationMessageHandler , log out and log in with another user. The access token from the first user will be used.

Further technical details

  • All Blazor WASM versions

Metadata

Metadata

Assignees

Labels

DoneThis issue has been fixedarea-blazorIncludes: Blazor, Razor ComponentsbugThis issue describes a behavior which is not expected - a bug.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions