
SSO Integration: enhanced exception handling for JWT issues/expiration

Open TL41 opened this issue 1 year ago • 0 comments

Description

After the SSO integration has been implemented, we should look to add some exception handling to gracefully indicate to the user that there is an issue with the JWT for SSO.

When I tested this by modifying the satellizer_token in local storage to force a 'JWTDecodeException' exception, it didn't look like this logic was kicking in. Either it's a faulty implementation and it needs revision, or there's a better place to put this. As it stands now, if the SSO JWT becomes "bad" or expires, then Waltz won't be able to access many HTTP features.

  • The workaround: client manually refreshes the page which would restart the OAuth process and presumably, get the user a new token.
  • Ideal state: Waltz recognizes the token is bad and refreshes the page (while avoiding an infinite loop of refreshes)

Perhaps we never actually implement this, but I am logging it as an issue to consider, since I had originally included the proposed solution below in the SSO PR (https://github.com/finos/waltz/pull/6876).


One idea we had in the PoC was to modify these two files with exception handling logic

  • waltz-ng/client/common/WaltzHttp.js
  • waltz-ng/client/svelte-stores/remote.js

Implementation: WaltzHttp.js

Summary: (Optional, but recommended) There are 4 functions in this file that should be modified to enable exception handling for the token:

  • function get(url)
  • function post(url, body)
  • function put(url, body)
  • function _delete(url)

Exception Handling - if there is an issue with the "satellizer_token" (e.g. failed signature verification, malformed JSON, etc.), then revoke the token and reload the page.

Setup: Replace the .then(handleResponse); line with the exception handling block. The snippet below should be implemented for all 4 functions.

function get(url) {
	// headers and handleResponse are assumed to be defined elsewhere in WaltzHttp.js
	const requestOptions = {
		method: "GET",
		headers
	};
	return fetch(url, requestOptions)
		.then(handleResponse)
		.catch(e => {
			// Server-side JWT failures surface here: drop the bad token and restart SSO
			if (e.error && (e.error.includes('SignatureVerificationException')
				|| e.error.includes('JWTDecodeException'))) {
				localStorage.removeItem("satellizer_token");
				window.location.reload();
			}
			// Re-throw so callers still see the failure
			throw e;
		});
}


Implementation: remote.js

Summary: (Optional, but recommended) There is 1 function in this file that should be modified to enhance exception handling for the token:

  • function _fetchData(cache, method, url, data, init = [], config = { force: false })

Exception Handling - if there is an issue with the "satellizer_token" (e.g. failed signature verification, malformed JSON, etc.), then revoke the token and reload the page.

Setup: Replace the .catch(e => cache.err(key, e, init)); line with the exception handling block. The snippet below should be implemented for the _fetchData function.

function _fetchData(cache, method, url, data, init = [], config = { force: false }) {
	const key = mkKey(method, url, data);
	const forcing = _.get(config, ["force"], false);

	const invokeFetch = () => mkPromise(method, url, data)
		.then(r => cache.set(key, r.data))
		.catch(e => {
			// Record the error in the cache as before, then check for JWT failures
			cache.err(key, e, init);
			if (e.error && (e.error.includes('SignatureVerificationException')
				|| e.error.includes('JWTDecodeException')
				|| e.error.includes('invalid_token'))) {
				localStorage.removeItem("satellizer_token");
				window.location.reload();
			}
		});

	if (cache.has(key)) {
		if (forcing) {
			invokeFetch();
		}
	} else {
		cache.init(key, init);
		invokeFetch();
	}

	return cache.get(key);
}
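The token check that both the WaltzHttp.js and remote.js snippets above would share, written here as an added example (not code from the Waltz project or the PR) that also covers the "avoid an infinite loop of refreshes" requirement: the token is revoked on any of the listed error markers, but a reload is only triggered once per RELOAD_WINDOW_MS, so a persistently bad SSO setup ends in a surfaced error rather than endless refreshes. RELOAD_FLAG, RELOAD_WINDOW_MS and the function names are hypothetical; storage and reload are injected (in the browser: window.localStorage and () => window.location.reload()) so the logic can be unit tested outside a browser.

```javascript
// Constructed example, not Waltz project code. TOKEN_KEY and the error markers
// come from the issue; RELOAD_FLAG, RELOAD_WINDOW_MS and function names are hypothetical.
const TOKEN_KEY = "satellizer_token";
const RELOAD_FLAG = "sso_reload_attempted_at";
const RELOAD_WINDOW_MS = 30 * 1000;
const TOKEN_ERROR_MARKERS = ["SignatureVerificationException", "JWTDecodeException", "invalid_token"];

// True when a failed response looks like a JWT problem rather than some other HTTP error
function isTokenError(e) {
  const msg = e && typeof e.error === "string" ? e.error : "";
  return TOKEN_ERROR_MARKERS.some(m => msg.includes(m));
}

// storage is localStorage-like, reload is window.location.reload; both injected for testing
function makeTokenErrorHandler({ storage, reload, now = Date.now }) {
  return function handleTokenError(e) {
    if (!isTokenError(e)) return "ignored";
    storage.removeItem(TOKEN_KEY);              // revoke the bad token
    const last = Number(storage.getItem(RELOAD_FLAG) || 0);
    if (last && now() - last < RELOAD_WINDOW_MS) {
      // We reloaded moments ago and the fresh token is still bad:
      // stop here instead of refreshing forever; the caller surfaces the error.
      return "loop-detected";
    }
    storage.setItem(RELOAD_FLAG, String(now()));
    reload();                                   // restarts the OAuth flow
    return "reloaded";
  };
}

// Wrap any fetch chain (get/post/put/_delete or mkPromise) with the handler,
// re-throwing so the existing .catch / cache.err logic keeps working.
function withTokenHandling(promise, handler) {
  return promise.catch(e => { handler(e); throw e; });
}

// Minimal in-memory stand-in for localStorage, for tests and Node
function memoryStorage() {
  const m = new Map();
  return {
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: k => { m.delete(k); },
  };
}
```

In WaltzHttp.js the four request functions would become `return withTokenHandling(fetch(url, requestOptions).then(handleResponse), handler)`, and in remote.js the same wrapper goes around mkPromise(...).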

Resourcing

We would like to collaborate on this feature

TL41 avatar Dec 10 '23 15:12 TL41