From 3fef2ba46aba290885d1e8ae814cf3f1cf7fb454 Mon Sep 17 00:00:00 2001
From: aidynoJ <121284650+aidynoJ@users.noreply.github.com>
Date: Tue, 9 Apr 2024 18:15:38 +0500
Subject: [PATCH] STCOR-789-follow-up: Include /authn/token on the list of always-permissible API (#1452)

* STCOR-789: add /authn/token to always-permissible list.

Refs STCOR-789 Include `/authn/token` on the list of always-permissible API in order to allow OTP-for-cookie exchange on return from authentication. Without this allowance in place, stripes will get stuck in a loop bouncing between the authn-server (which believes, correctly, that the user has authenticated) and stripes (which believes, wrongly, that the user has not authenticated because its "valid AT?" check fails). The AT won't be valid until after we get to exchange the OTP for an AT by visiting `/authn/token`.

---------

Co-authored-by: Ryan Berger
Co-authored-by: Zak Burke
(cherry picked from commit f9d82f6e01e6f89171a87597209c81a52e96fc1c)
---
 src/components/Root/FFetch.js | 1 +
 src/loginServices.js | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/components/Root/FFetch.js b/src/components/Root/FFetch.js
index f28c08e32..7208d5438 100644
--- a/src/components/Root/FFetch.js
+++ b/src/components/Root/FFetch.js
@@ -95,6 +95,7 @@ export class FFetch {
     const isPermissibleResource = (string) => {
       const permissible = [
+        '/authn/token',
         '/bl-users/forgotten/password',
         '/bl-users/forgotten/username',
         '/bl-users/login-with-expiry',
diff --git a/src/loginServices.js b/src/loginServices.js
index 34241be6c..4f683e846 100644
--- a/src/loginServices.js
+++ b/src/loginServices.js
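Review bot: The new `'/authn/token'` entry carries no explanation of why this endpoint must be reachable without a valid access token, while the commit message spells it out; a one-line comment on the entry would keep that reasoning next to the allowlist, e.g. `'/authn/token', // OTP-for-cookie exchange on return from authn; must work before a valid AT exists`. Because every path in `permissible` is exempt from whatever AT check `isPermissibleResource` guards, it is worth confirming (outside this hunk) that the comparison is anchored to the full path rather than a substring match, so only the exact token-exchange endpoint benefits from the exemption. The body of `isPermissibleResource`, including the matching logic, continues past the end of the hunk.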
@@ -458,7 +458,6 @@ export async function logout(okapiUrl, store) {
     .then(localStorage.removeItem('tenant'))
     .then(localforage.removeItem(SESSION_NAME))
     .then(localforage.removeItem('loginResponse'))
-    .then(removeUnauthorizedPathFromSession)
     .catch((error) => {
       // eslint-disable-next-line no-console
       console.log(`Error logging out: ${JSON.stringify(error)}`);
@@ -804,7 +803,7 @@ export function requestLogin(okapiUrl, store, tenant, data) {
     method: 'POST',
     mode: 'cors',
   })
-  .then(resp => processOkapiSession(store, tenant, resp));
+    .then(resp => processOkapiSession(store, tenant, resp));
 }
 }
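Review bot: Removing `.then(removeUnauthorizedPathFromSession)` from the logout chain is not covered by the commit description, which only discusses the `/authn/token` allowance; if the stored unauthorized path is meant to be cleared at logout, this lets a stale redirect target survive into the next session, so the reason for the removal (presumably it now happens elsewhere) should be stated in the message or a comment. Separately, the surviving `.then(localStorage.removeItem('tenant'))` and `.then(localforage.removeItem(...))` lines pass the call's return value rather than a callback, so each removal runs immediately while the chain is still pending and a rejection from `localforage.removeItem` never reaches the chain's `.catch`; `.then(() => localforage.removeItem(SESSION_NAME))` would sequence and trap it. The second hunk in `requestLogin` is indentation only. The body of `logout` begins and ends outside the first hunk.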