AuthProvider triggeres many times getIdentity()
Hello, i'm using Strapi as my backend and I get a lots of API calls that uses method getIdentity() from authProvider.
How to fix it?
28 Replies
Hi @sensib0i. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
The
getIdentity method in your authProvider is used to get the user's identity. It's called under the hood by the useGetIdentity hook provided by refine. This method is expected to return a resolved promise with the user's identity.
In your case, you're using Strapi as your backend and you're fetching the user's identity using the me method from strapiAuthHelper. If the status of the response is 200, you're returning the user's identity.
If you're experiencing issues with this method, here are a few things you could check:
1. Ensure that the TOKEN_KEY is correctly set in the local storage and it's the correct key for your application.
2. Check if the strapiAuthHelper.me method is correctly implemented and it's returning the expected data.
3. Make sure that the status of the response is correctly checked. If the status is not 200, the method will return null which might not be the expected behavior in your application.
4. Check if the user's data (id, username, email, name, avatar, role) exists in the data object of the response.
Here's an example of how getIdentity method is implemented in the extracts:
In this example, the getIdentity method is fetching the user's identity from Strapi using the me method from strapiAuthHelper and it's returning the user's id, name, and email if the status of the response is 200.
Sources:
- refine-react-invoice-generator-2 (https://refine.dev/blog/refine-react-invoice-generator-2)
- refine-react-admin-invoice-genarator (https://refine.dev/blog/refine-react-admin-invoice-genarator)
- useGetIdentity (https://refine.dev/docs/api-reference/core/hooks/authentication/useGetIdentity)
- authProvider (https://refine.dev/docs/api-reference/core/providers/auth-provider/)
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@667849704293269515> kapa.ai is still learning and improving, please let us know how it did by reacting below
unwilling-turquoiseOP•17mo ago
@kapa.ai I mean it works but I it sends multiple API requests each time that shoul be triggered. Is it good?
@kapa.ai u here?
Let me check the knowledge base for you. One moment! :books:
----------------------
Yes, I'm here. How can I assist you further?
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@667849704293269515> kapa.ai is still learning and improving, please let us know how it did by reacting below
unwilling-turquoiseOP•17mo ago
@kapa.ai I mean it works but I it sends multiple API requests for the same method
Let me check the knowledge base for you. One moment! :books:
----------------------
The
getIdentity method is called whenever the useGetIdentity hook is used in your application. If you're seeing multiple API requests for the same method, it's likely that the useGetIdentity hook is being called multiple times.
Here are a few things you could check:
1. Check where the useGetIdentity hook is used: If it's used in multiple components that are rendered at the same time, it will result in multiple API calls. Try to limit the usage of this hook to the necessary components only.
2. Check for unnecessary re-renders: If the component using the useGetIdentity hook is re-rendering multiple times, it will result in multiple API calls. Try to optimize your component to avoid unnecessary re-renders.
3. Use a state management solution: If the user's identity is needed in multiple parts of your application, consider storing it in a global state using a state management library like Redux or MobX. This way, you can fetch the user's identity once and access it from anywhere in your application without making additional API calls.
Remember that useGetIdentity hook returns the result of react-query's useQuery which includes properties like isSuccess and isError. You can use these properties to handle loading and error states in your application and avoid unnecessary API calls.
Here's an example of how you can use the useGetIdentity hook:
In this example, the useGetIdentity hook is used to fetch the user's identity and display the user's full name.
Sources:
- useGetIdentity (https://refine.dev/docs/api-reference/core/hooks/authentication/useGetIdentity)
- authProvider (https://refine.dev/docs/api-reference/core/providers/auth-provider/)
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@667849704293269515> kapa.ai is still learning and improving, please let us know how it did by reacting below
unwilling-turquoiseOP•17mo ago
@kapa.ai
Ok the problem was here
const accessControlProvider: IAccessControlContext = {
can: async ({ resource, action, params }) => {
// @ts-ignore
// TODO: naprawić ten leak here
// const user = await authProvider?.getIdentity(params);
// console.log(user);
}
}
how should i use that accessControlProvider?
Let me check the knowledge base for you. One moment! :books:
----------------------
The
accessControlProvider is used to manage access control throughout your application. It should have a single asynchronous method named can which is used to check if a desired access will be granted.
Here's an example of how you can use the accessControlProvider:
In this example, the can function checks if the resource is "posts" and the action is "edit". If both conditions are met, it returns { can: false, reason: "Unauthorized" }, otherwise, it returns { can: true }.
You can also access the resource object directly:
In this example, the can function checks if the resourceName is "posts", anyUsefulMeta is true, and the action is "edit". If all conditions are met, it returns { can: false, reason: "Unauthorized" }.
You can then provide the accessControlProvider to the <Refine> component:
Sources:
- accessControlProvider (https://refine.dev/docs/api-reference/core/components/refine-config)
- Access Control Provider (https://refine.dev/docs/api-reference/core/providers/accessControl-provider/)
- Build Access Control Mechanism using Permify (https://refine.dev/blog/build-access-control-permify)
- Build internal tools using Low-Code with refine, React-based framework (https://refine.dev/blog/build-internal-tools-using-low-code-with-refine)
- Remix (https://refine.dev/docs/packages/documentation/routers/remix)
- Next.js (https://refine.dev/docs/packages/documentation/routers/nextjs)
- Build low-code, customizable and authorization ready admin panel with NestJS (https://refine.dev/blog/how-to-access-control-with-nestjs)
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@667849704293269515> kapa.ai is still learning and improving, please let us know how it did by reacting below
unwilling-turquoiseOP•17mo ago
@kapa.ai
i want to set it depending on User role, how to do that? to not have leak?
Let me check the knowledge base for you. One moment! :books:
----------------------
To set the
accessControlProvider depending on the user role, you need to fetch the user's role inside the can method. You can use the authProvider's getPermissions method to get the user's role. However, you should be careful to avoid memory leaks.
Here's an example of how you can do this:
In this example, the can function fetches the user's role using authProvider.getPermissions(). If the user's role is 'admin', it allows all actions. If the user's role is 'editor' and the resource is 'posts' and the action is 'edit', it allows the action. For all other cases, it denies the action.
Remember to replace 'admin' and 'editor' with the actual roles in your application.
Sources:
- Implementing Role Based Access Control (https://refine.dev/blog/refine-pixels-6)
- Build Access Control Mechanism using Permify (https://refine.dev/blog/build-access-control-permify)
- User Permissions with Supabase in Refine (https://refine.dev/blog/refine-pixels-6)
- Setting Up User Roles with Supabase Custom Claims (https://refine.dev/blog/refine-pixels-6)
- refine can Method for Supabase Custom Roles (https://refine.dev/blog/refine-pixels-6)
- refine can Method (https://refine.dev/blog/refine-pixels-6)
- refine's accessControlProvider (https://refine.dev/blog/refine-pixels-6)
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@667849704293269515> kapa.ai is still learning and improving, please let us know how it did by reacting below
unwilling-turquoiseOP•17mo ago
if someone has similar problem:
the error was actually caused by accessControlProvider
i had a leak over there
like-gold•17mo ago
Hey @sensib0i,
tanstack-query caches your request results. So you don't have to worry about multiple requests.
unwilling-turquoiseOP•17mo ago
Hello!
so it only appears at development mode yes? as i built app it shouldn't happen?
like-gold•17mo ago
Throws a request at each point where you trigger your
accessControlProvider. Development or Production does not matter. This is the best practice for access control operations.unwilling-turquoiseOP•17mo ago
I understand but as you said, I don't have to worry about multiple requests
unwilling-turquoiseOP•17mo ago
unwilling-turquoiseOP•17mo ago
Thats my accessControlProvider
and that my getPermission method inside authProvider
You how to fix it? That makes the problem
like-gold•17mo ago
Actually this is not a problem. Each button calls the
can method independently. So you might be throwing a lot of requests, but the user won't feel any performance issue because the second request with the same parameters will be fetched from the cache.
If user access permissions will not change dynamically
const user = await authProvider?.getPermissions()
You can use localStroge instead, but we don't recommend it for security problems.unwilling-turquoiseOP•17mo ago
Thank you very much for help
rival-black•16mo ago
@salihozdemir Hi. I'm having the same problem but I don't think my api called is cache. The backend won't return the avatar in the jwt token so I have to fetch an api to get the profile by myself.
like-gold•16mo ago
Hey @tads8799,
Default, some refine components like
<EditButton />, <DeleteButton /> and Sider items etc. uses the accessControlProvider if it provided. So, it’s normal.rival-black•16mo ago
@salihozdemir
So you mean it's normal to call them everytime I access Create, List page, ....
like-gold•16mo ago
It's expected behavior for provided refine components. But, you can create your own components without using our components. But it's not recommended because for security reasons you should send request every time when you check the authoization status.
For example the
<Create /> button uses the useCan hook to check if the user has the create permission for the resource. If the user doesn't have the permission, the button is not rendered or disabled according to your configuration.
https://github.com/refinedev/refine/blob/next/packages/antd/src/components/buttons/create/index.tsx#L61-L70rival-black•16mo ago
I understand, I will move the api call to the header