fix(auth): handles refresh token flow correctly

2025-05-08 02:15:56 -04:00
parent e073ef8540
commit 41379e821e
4 changed files with 5 additions and 20 deletions
--- a/backend/src/Web/DependencyInjection.cs
+++ b/backend/src/Web/DependencyInjection.cs
@@ -39,11 +39,7 @@ public static class DependencyInjection
            .AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            })
-            .AddCookie("Identity.Application", options =>
-            {
-                options.LoginPath = "/api/Users/login";
+                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            });

        var authJwt = configuration.GetSection("Authentication:Jwt");
--- a/backend/src/Web/Features/Users/DependencyInjection.cs
+++ b/backend/src/Web/Features/Users/DependencyInjection.cs
@@ -30,7 +30,6 @@ public static class DependencyInjection
            .AddRoles<IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddApiEndpoints()
-            .AddSignInManager<SignInManager<IdentityUser>>()
            .AddDefaultTokenProviders();

        // Singleton services
--- a/backend/src/Web/Features/Users/Handlers/LoginWithFacebook.cs
+++ b/backend/src/Web/Features/Users/Handlers/LoginWithFacebook.cs
@@ -42,7 +42,6 @@ public record LoginWithFacebookResponse(
 public class LoginWithFacebookHandler(
    IHttpClientFactory httpClientFactory,
    IdentityUserManager userManager,
-    SignInManager<IdentityUser> signInManager,
    IOptionsSnapshot<JwtOptions> jwtOptions)
    : Endpoint<LoginWithFacebookRequest, LoginWithFacebookResponse>
 {
@@ -116,8 +115,6 @@ public class LoginWithFacebookHandler(
            user = generatedUser;
        }

-        await signInManager.SignInAsync(user, isPersistent: false);
-
        // Generate refresh token
        var refreshToken = RefreshTokenGenerator.Next();

--- a/backend/src/Web/Features/Users/Handlers/LoginWithGoogle.cs
+++ b/backend/src/Web/Features/Users/Handlers/LoginWithGoogle.cs
@@ -42,7 +42,6 @@ public record LoginWithGoogleResponse(
 public class LoginWithGoogleHandler(
    IHttpClientFactory httpClientFactory,
    IdentityUserManager userManager,
-    SignInManager<IdentityUser> signInManager,
    IOptionsSnapshot<JwtOptions> jwtOptions)
    : Endpoint<LoginWithGoogleRequest, LoginWithGoogleResponse>
 {
@@ -123,16 +122,10 @@ public class LoginWithGoogleHandler(
            user = generatedUser;
        }

-        await signInManager.SignInAsync(user, isPersistent: false);
-
-        // Generate refresh token for existing users
-        if (user.RefreshToken == null)
-        {
-            var refreshToken = RefreshTokenGenerator.Next();
-            user.RefreshToken = refreshToken;
-            user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
-            await userManager.UpdateAsync(user);
-        }
+        // Generate new refresh token
+        user.RefreshToken = RefreshTokenGenerator.Next();
+        user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
+        await userManager.UpdateAsync(user);

        var accessToken = JwtTokenHelper.GenerateJwtToken(
            expiresIn: jwtOptions.Value.Lifetime,