i5-Toolkit-for-Unity icon indicating copy to clipboard operation
i5-Toolkit-for-Unity copied to clipboard

Published 20 hours ago verified publisher icon rwth-acis

Misleading IsLoggedIn implementation in OpenIDConnectService

Open AKissMail opened this issue 6 months ago • 0 comments

In the OpenIDConnectService class, the IsLoggedIn property is implemented as:

public bool IsLoggedIn { get => !string.IsNullOrEmpty(AccessToken); }

However, this implementation is misleading:

  1. The name and XML summary imply reliable login state detection, but the logic only checks whether the AccessToken is non-empty.
  2. There is no validation of the token's validity, expiry, or whether it has been revoked.
  3. This could lead to incorrect assumptions elsewhere in the application, where IsLoggedIn == true is interpreted as "user is currently authenticated".

Suggestion: Either rename the property to something more neutral (e.g. HasAccessToken) or implement a token validation there.

AKissMail avatar May 08 '25 14:05 AKissMail