Broadleaf Microservices
  • v1.0.0-latest-prod

Auth JS SDK Release Notes for 1.5.5

Bug Fixes

  • Fixed token caching when using accounts and refresh token rotation

    • If the current user is in an account context, the token cache expects the account Id to be part of the cache key. However, there was a possibility that this would not occur when the token was added to the cache.

    • Additionally, when switching between accounts, a new Authorization flow should be entered with the new account Id as a parameter. In the typical case, this is achieved by way of a hidden iframe in the background. However, for refresh token rotation, this is not viable.

      • The fix in this case was to update AuthClient#loginWithRedirect to take the new account Id as a parameter, which it then includes in the Authorization request it makes.

      • When using refresh token rotation, users are now expected to call loginWithRedirect programmatically from their storefront app whenever the account context changes. See the following example usage.

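        import { useEffect } from 'react';
        import { useAuth } from '@broadleaf/auth-react';
        
        // accountId is assumed to come from the app's own account state;
        // here it is passed in as a prop.
        const MyComponent = ({ accountId }) => {
          const { loginWithRedirect } = useAuth();
        
          // Re-enter the Authorization flow whenever the account context changes.
          useEffect(() => {
            loginWithRedirect({ accountId });
          }, [accountId]);
        
          return (
            <button
              onClick={() => {
                // Explicit switch to a specific account.
                loginWithRedirect({ accountId: 'someValue' });
              }}
            >
              Change Account
            </button>
          );
        };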
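
The cache-key fix described in the first bullet can be pictured with a small sketch. This is an added example, not code from the Auth JS SDK: TokenCache, cacheKey, putWithoutAccount and the clientId/scope/accountId fields are hypothetical names, and the token values are constructed. It shows what goes wrong when the write path builds a key without the account Id while the read path includes it, next to a write path that shares the read path's key derivation.

```javascript
// Added sketch: TokenCache, cacheKey and all field names are hypothetical, not SDK internals.
// One key derivation shared by reads and writes; accountId is always a part.
function cacheKey({ clientId, scope, accountId }) {
  return JSON.stringify([clientId, scope, accountId ?? null]);
}

class TokenCache {
  constructor(now = () => Date.now()) {
    this.entries = new Map();
    this.now = now;
  }

  // Defective write path: drops accountId, so the key disagrees with get().
  putWithoutAccount({ clientId, scope }, token) {
    this.entries.set(cacheKey({ clientId, scope }), token);
  }

  // Corrected write path: same derivation as get().
  put(ctx, token) {
    this.entries.set(cacheKey(ctx), token);
  }

  get(ctx) {
    const key = cacheKey(ctx);
    const token = this.entries.get(key);
    if (!token) return null;
    if (token.expiresAt <= this.now()) {
      this.entries.delete(key); // expired entries are evicted, never returned
      return null;
    }
    return token;
  }
}

// Constructed sample data; the clock is fixed at t=1000 for repeatability.
function demo() {
  const base = { clientId: 'storefront', scope: 'USER' };
  const inA = { ...base, accountId: 'acct-A' };
  const tokenA = { accessToken: 'constructed-token-A', expiresAt: 2000 };
  const buggy = new TokenCache(() => 1000);
  buggy.putWithoutAccount(inA, tokenA);
  const fixed = new TokenCache(() => 1000);
  fixed.put(inA, tokenA);
  return {
    buggyHitInA: buggy.get(inA) !== null, // false: token stranded under the wrong key
    buggyHitNoAccount: buggy.get(base) !== null, // true: served outside account A
    fixedHitInA: fixed.get(inA) !== null, // true
    fixedHitInB: fixed.get({ ...base, accountId: 'acct-B' }) !== null, // false
  };
}
```

In this sketch the defective path both misses the lookup made inside account A and returns account A's token to a lookup made with no account context, which is why reads and writes should go through a single key function.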