osm-teams icon indicating copy to clipboard operation
osm-teams copied to clipboard

Published 20 hours ago verified publisher icon developmentseed

Handle specific authentication errors

Open LanesGood opened this issue 1 year ago • 3 comments

Ensure that the API throws a 401 error when user is not authenticated, and then ensure the frontend displays appropriate error messages.

LanesGood avatar Mar 16 '23 14:03 LanesGood

The team page does have an error handler, but no 401 is thrown by the API when a user is not authenticated: https://github.com/developmentseed/osm-teams/blob/develop/src/pages/teams/%5Bid%5D/index.js#L206

Investigate src/middlewares/base-handler.js

LanesGood avatar Mar 16 '23 14:03 LanesGood

Invitations do throw an error status if the user is not logged in, and this is rendered on the frontend: image

All protected routes should check for user authentication, permission, and throw proper errors to render this message when an unauthenticated user visits a protected route.

LanesGood avatar Mar 17 '23 14:03 LanesGood

Example: the nextauth page is displayed when I visit an org page and am not logged in, instead of a "this page is protected" page: image

LanesGood avatar Mar 21 '23 18:03 LanesGood