gatsby-theme-auth0
Only call checkSession if the token has expired
This small change addresses #150 by not calling checkSession() unnecessarily.
Before
checkSession() called from every useAuth(). Led to #150. In a typical Gatsby app, this led to many requests to Auth0 from every page:

After
checkSession() only called after the token has expired. Same app with the same navigation pattern (3 clicks/pages):

Potential drawbacks
- In the rare event that the user changes their information with Auth0 (or the social identity profile) while logged into the app, that information won't be reflected until they refresh the token. Users typically tend to reload the page in this scenario, which would typically trigger the app calling checkSession() in its initialization, so the issue is minor.
- If the user's token is revoked, they'll still be able to access client-side information they had access to, until the token expires (2 hours by default with Auth0, I think). However, server-side security would reject the invalidated JWT.
Notes
I've removed the try/catch from that block, as I'm not sure when the catch would ever occur. setUser() wouldn't trigger it, and auth.getUserProfile(); simply accesses this.userProfile;.
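An added example (not code from this pull request or from gatsby-theme-auth0) of the expiry-gated renewal described above, including the revoked-token drawback. createSessionGate, renew and simulate are hypothetical names; renew is a stub standing in for a silent renewal call such as checkSession(), and the 7200-second lifetime and error value are constructed sample data.

```javascript
// Added example, not code from gatsby-theme-auth0. All names are hypothetical.
// renew(cb) stands in for checkSession(): cb(err, { idToken, expiresIn }), expiresIn in seconds.
function createSessionGate({ renew, now = Date.now, skewMs = 30000 }) {
  let session = null; // { idToken, expiresAt } once a renewal has succeeded
  let waiters = null; // non-null while a renewal is in flight
  const isExpired = () => !session || now() >= session.expiresAt - skewMs;

  function ensureSession(done = () => {}) {
    if (!isExpired()) return done(null, session); // cached token still valid: no request
    if (waiters) return void waiters.push(done);  // join the renewal already in flight
    waiters = [done];
    renew((err, result) => {
      // A failed renewal (for example a revoked session) clears the local state.
      session = err ? null
        : { idToken: result.idToken, expiresAt: now() + result.expiresIn * 1000 };
      const pending = waiters;
      waiters = null;
      pending.forEach((cb) => cb(err || null, session));
    });
  }
  return { ensureSession, isAuthenticated: () => !isExpired() };
}

// Constructed scenario: 3 pages with 4 hook calls each, then a revocation.
function simulate() {
  let clock = 0, calls = 0, revoked = false;
  const renew = (cb) => {
    calls += 1;
    if (revoked) return cb(new Error("login_required")); // constructed error value
    cb(null, { idToken: "constructed-token", expiresIn: 7200 });
  };
  const gate = createSessionGate({ renew, now: () => clock });
  for (let page = 0; page < 3; page++) {
    for (let hook = 0; hook < 4; hook++) gate.ensureSession();
    clock += 60 * 1000; // one minute per page
  }
  const out = { callsAfterThreePages: calls };
  revoked = true;
  gate.ensureSession();
  out.authedWhileRevoked = gate.isAuthenticated(); // stale client-side view
  out.callsWhileRevoked = calls;
  clock = 7200 * 1000; // token lifetime has elapsed
  gate.ensureSession();
  out.callsAfterExpiry = calls;
  out.authedAfterExpiry = gate.isAuthenticated();
  return out;
}
```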
Deploy request for gatsby-theme-auth0 pending review.
Review with commit 471461b776b28bb658d38f87b52da7a10f513e7a
https://app.netlify.com/sites/gatsby-theme-auth0/deploys
Deploy request for gatsby-theme-auth0-custom pending review.
Review with commit 471461b776b28bb658d38f87b52da7a10f513e7a
https://app.netlify.com/sites/gatsby-theme-auth0-custom/deploys
Any thoughts on this @epilande ?