PM-7745 - SSO Login Strategy - trySetUserKeyWithDeviceKey should use the user id from the IdTokenResponse and not StateService as I suspect it's not working as expected. Thinking there might be a race condition where the user id is null or maybe incorrect. (#8927)

2025-12-12 06:13:38 +00:00 · 2024-04-26 10:18:05 -04:00
parent acea273f97
commit 7f5efcc18c
1 changed files with 5 additions and 4 deletions
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.ts
@@ -244,7 +244,7 @@ export class SsoLoginStrategy extends LoginStrategy {

      // Only try to set user key with device key if admin approval request was not successful
      if (!hasUserKey) {
-        await this.trySetUserKeyWithDeviceKey(tokenResponse);
+        await this.trySetUserKeyWithDeviceKey(tokenResponse, userId);
      }
    } else if (
      masterKeyEncryptedUserKey != null &&
@@ -312,11 +312,12 @@ export class SsoLoginStrategy extends LoginStrategy {
    }
  }

-  private async trySetUserKeyWithDeviceKey(tokenResponse: IdentityTokenResponse): Promise<void> {
+  private async trySetUserKeyWithDeviceKey(
+    tokenResponse: IdentityTokenResponse,
+    userId: UserId,
+  ): Promise<void> {
    const trustedDeviceOption = tokenResponse.userDecryptionOptions?.trustedDeviceOption;

-    const userId = (await this.stateService.getUserId()) as UserId;
-
    const deviceKey = await this.deviceTrustService.getDeviceKey(userId);
    const encDevicePrivateKey = trustedDeviceOption?.encryptedPrivateKey;
    const encUserKey = trustedDeviceOption?.encryptedUserKey;