Skip to content

fix: addSession verify that token matches network#2096

Open
pawelstepien-da wants to merge 10 commits into
mainfrom
pawel/addsession-verify-token
Open

fix: addSession verify that token matches network#2096
pawelstepien-da wants to merge 10 commits into
mainfrom
pawel/addsession-verify-token

Conversation

@pawelstepien-da

@pawelstepien-da pawelstepien-da commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

In userApi.addSession add verification that accessToken claims iss, aud, sub, scp and scope match their counterparts in auth of the network passed as argument.
Adjust mock-oauth2 hardcoded scp and scope claims to match values defined in WG config default networks.
In login-callback if addSession fails show error toast.

Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
…t networks

Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
…dsession-verify-token

Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
@pawelstepien-da pawelstepien-da marked this pull request as ready for review July 9, 2026 12:15
@pawelstepien-da pawelstepien-da requested a review from a team as a code owner July 9, 2026 12:15
.then(() => {
redirectToIntendedOrDefault()
})
.catch(handleErrorToast)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potentially we could also call stateManager.clearAuthState and redirect to login, but that would clear the error toast from HTML before user can see it, additional workaround would be needed. Open for discussion how to handle it UX-wise.
That situation happens when there are issues with accessToken that make addSession fail. Before it just stayed at this page forever displaying "Logged in!", with my change it at least indicates that there was some error.

Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
…dsession-verify-token

Signed-off-by: Pawel Stepien <pawel.stepien@digitalasset.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant