api-management-developer-portal
api-management-developer-portal copied to clipboard
Azure
Deep links - Empty API displayed when session is expired or user logged out
Bug description
Recently the behavior of deep links changed (see #1931 ) so that the URL of e.g. an API details page with the operation could be copy pasted and the recipient can simply click the link and be forwarded. If the recipient who clicked the link was not logged in the sign in page would open and after the login he would be forwarded to the specified page. This is intended and good behavior.
But there is an issue if a session expired and a (correct and working) deep link is clicked the API details page is displayed like this:
Reproduction steps
- Clear cookies
- Click deep link 1 -> Successful after login
- Keep page open
- Create deep link 2
- Click deep link 2 -> Successful without login
- Close window
- Click deep link 2 -> Successful
- Logout
- Close window
- Click deep link 2 -> Empty API & no login required See screenshot in Bug description
- Refresh page with "Shift + F5" (normal refresh is not helping) -> Successful after login
Expected behavior
It is expected that if a session expired or the user is logged out of the DevPortal to be forwarded first to the sign in page and then to the target page. The issue that users see that an API is not existing should not be possible and should be avoided.
When not logged in/no active session exists:
- Forward to sign in page
- After login forward to target page
When logged in/active session exists:
- Immediately go to target page
- No hard refresh necessary to see the correct page
Is your portal managed or self-hosted?
Managed
Environment
- Operating system: Windows
- Browser: Chrome
- Version: Version 107.0.5304.123
