Fix: [AEA-5850] - bug fix for unable to sign out of cis2 errors#2093
Fix: [AEA-5850] - bug fix for unable to sign out of cis2 errors#2093jonathanwelch1-nhs wants to merge 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Improves CIS2 logout robustness in the CPT UI by preventing requests to the CIS2 signout endpoint from being blocked when the user session is already expired/unavailable, avoiding “unable to sign out” errors.
Changes:
- Wraps
fetchAuthSession()in a try/catch in the Axios request interceptor and allows CIS2 signout requests to proceed without an ID token. - Updates Authorization header assignment to use a stringified token consistently.
- Adds unit tests covering
fetchAuthSessionrejection behavior for CIS2 signout vs non-signout endpoints.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| packages/cpt-ui/src/helpers/axios.tsx | Makes token retrieval failure non-fatal for CIS2 signout requests while keeping other endpoints protected. |
| packages/cpt-ui/tests/axios.test.tsx | Adds regression tests ensuring CIS2 signout isn’t blocked when fetchAuthSession throws, and that other endpoints still fail. |
|
|
||
| const authSession = await fetchAuthSession() | ||
| const idToken = authSession.tokens?.idToken | ||
| const isAmplifyHostRequest = config.url?.includes("/api/cis2-signout") ?? false |
There was a problem hiding this comment.
isAmplifyHostRequest is checking for the CIS2 signout endpoint (/api/cis2-signout), so the name is misleading now that it controls auth-abort behaviour. Rename it to something like isCis2SignoutRequest (or similar) to make the intent clear.
|
Summary
https://nhsd-jira.digital.nhs.uk/browse/AEA-5850
Details
Users were returning errors where they werent fully logged out of cis2.
Now handles logout more gracefully