[web] Handle invalid CSAT in Identity client

Summary: Part of [[ https://linear.app/comm/issue/ENG-6664/invalidate-csat-on-clients-if-services-return-http-403 | ENG-6664 ]] On web, we cannot use the same approach as on native because Identity calls are done on shared worker, while hook needs to be called on main context. Depends on D14024 Test Plan: Manual testing with mocked invalid access token. Identity authed RPC calls end up with logout. Reviewers: kamil, varun Reviewed By: kamil Subscribers: ashoat, tomek Differential Revision: https://phab.comm.dev/D14025
CommE2E · Nov 29, 2024 · 346a9e5 · 346a9e5
1 parent f2473ee
commit 346a9e5
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/web/grpc/identity-service-context-provider.react.js b/web/grpc/identity-service-context-provider.react.js
@@ -3,6 +3,7 @@
 import _isEqual from 'lodash/fp/isEqual.js';
 import * as React from 'react';
 
+import { useInvalidCSATLogOut } from 'lib/actions/user-actions.js';
 import {
   IdentityClientContext,
   type AuthMetadata,
@@ -12,6 +13,7 @@ import type {
   IdentityServiceAuthLayer,
 } from 'lib/types/identity-service-types.js';
 import { getContentSigningKey } from 'lib/utils/crypto-utils.js';
+import { getMessageForException } from 'lib/utils/errors.js';
 
 import { useSelector } from '../redux/redux-utils.js';
 import { getCommSharedWorker } from '../shared-worker/shared-worker-provider.js';
@@ -83,17 +85,27 @@ function IdentityServiceContextProvider(props: Props): React.Node {
     void ensureThatWorkerClientAuthMetadataIsCurrent();
   }, [ensureThatWorkerClientAuthMetadataIsCurrent]);
 
+  const invalidTokenLogOut = useInvalidCSATLogOut();
   const proxyMethodToWorker: CreateMethodWorkerProxy = React.useCallback(
     method =>
       async (...args: $ReadOnlyArray<mixed>) => {
         await ensureThatWorkerClientAuthMetadataIsCurrent();
 
         const sharedWorker = await getCommSharedWorker();
-        const result = await sharedWorker.schedule({
-          type: workerRequestMessageTypes.CALL_IDENTITY_CLIENT_METHOD,
-          method,
-          args,
-        });
+        let result;
+        try {
+          result = await sharedWorker.schedule({
+            type: workerRequestMessageTypes.CALL_IDENTITY_CLIENT_METHOD,
+            method,
+            args,
+          });
+        } catch (e) {
+          const message = getMessageForException(e);
+          if (message === 'bad_credentials') {
+            void invalidTokenLogOut();
+          }
+          throw e;
+        }
 
         if (!result) {
           throw new Error(
@@ -112,7 +124,7 @@ function IdentityServiceContextProvider(props: Props): React.Node {
         // Worker should return a message with the corresponding return type
         return (result.result: any);
       },
-    [ensureThatWorkerClientAuthMetadataIsCurrent],
+    [ensureThatWorkerClientAuthMetadataIsCurrent, invalidTokenLogOut],
   );
 
   const client = React.useMemo<IdentityServiceClient>(() => {