Commit
STCOR-789-follow-up: Include /authn/token on the list of always-permissible API (#1452)

* STCOR-789: add /authn/token to always-permissible list.

Refs STCOR-789

Include `/authn/token` on the list of always-permissible API in order to allow OTP-for-cookie exchange on return from authentication.

Without this allowance in place, stripes will get stuck in a loop bouncing between the authn-server (which believes, correctly, that the user has authenticated) and stripes (which believes, wrongly, that the user has not authenticated because its "valid AT?" check fails). The AT won't be valid until after we get to exchange the OTP for an AT by visiting `/authn/token`.

---------

Co-authored-by: Ryan Berger <rberger@ebsco.com>
Co-authored-by: Zak Burke <zburke@ebsco.com>

(cherry picked from commit f9d82f6)