mozilla-releng / balrog / #5613

90%

push

circleci

Don't rely on a token's liveness to choose whether to get a new one (#3832)

In ce2e38dec, I "abused"
`getIdTokenClaims` as a way to detect whether someone was logged in or
not to avoid calling `getAccessTokenSilently` since that would trigger a
full login sequence on its own. Turns out auth0 had a `isAuthenticated`
variable I could use for that the whole time.

We're making this change now because turning refresh tokens back on
means that auth0 doesn't discard `auth0.user` anymore (since they have a
refresh token), which leads the UI to think and show the user as logged
in, but it does discard the claims from the cache once expired which
makes axios think the user isn't.

And `getAccessTokenSilently` is the initiator of the refresh,
which means an expired token would make `getIdTokenClaims` return
`undefined`, which we considered as "not logged in", which prevents us
from actually trying to refresh said token. Switching to
`isAuthenticated` fixes that entirely.

2192 of 2574 branches covered (85.16%)

Branch coverage included in aggregate %.

5768 of 6276 relevant lines covered (91.91%)

0.92 hits per line