Identity redirects not working

Okay, I’ve read pretty much every piece of documentation I can get my hands on and I can’t get role-based redirects working with my Gatsby site with Netlify Identity (free plan). It seemed to work momentarily on my development URL, but never locally with netlify dev.

Here are the relevant parts of my .toml file:

    [dev]
    targetPort = 8000 # The port for your application server, framework or site generator
    port = 8888 # The port that netlify dev will be accessible on
    jwtRolePath = "app_metadata.roles"

    # Users whose JWT carries the role stay on the requested dashboard URL
    [[redirects]]
    from = "/dashboard/*"
    to = "/dashboard/:splat"
    force = true
    status = 200
    conditions = {Role = ["registered_user"]}

    # Everyone else is served the login page
    [[redirects]]
    from = "/dashboard/*"
    to = "/login"
    status = 200
    force = true

Here’s the JWT user info:

    provider: "email"
    roles: Array(1)
        0: "registered_user"
        length: 1

I’ve also tried jwtRolePath = "app_metadata.authorization.roles" as stated in the documentation.

It always redirects to the login page regardless of whether the user is authenticated or not. The desired functionality is to not change the URL they are on if it’s /dashboard or deeper, and to redirect to /login if they are not authenticated.

Any help is very appreciated!

Update: seems like it works on a live staging branch but after some time it redirects like I’m logged out even though I’m not. Almost like the session has expired or something.

For local development, the redirects seem to not capture the role at all, and therefore don’t work at all.

Hi @kyleschoen, unfortunately we can’t help with your code not working locally as this is outside the scope of support. Below is some documentation on our redirects. I strongly suggest you give it a thorough read through and see if this fixes your problem:

I’ll leave your thread open for those who can assist.

If you do get this working locally and still have a non-code related issue I am happy to help.


That is precisely because the session does and will expire. This refresh is usually handled by the identity widget—but only when the page is active.

There are numerous posts regarding identity and token refresh such as


Thanks for the insight — I have gone through that doc and tried every combination possible, but it’s something strange with the local dev possibly not being able to pick up the Role condition. I’ve given up on this approach and am building out routing in Gatsby which seems to be working very well now.

Really appreciate the token expiration links here. This part still confuses me despite moving to Gatsby routing instead of role based redirects.

As a workaround, I’m currently checking for the goTrue cookie which persists after its expiration time. Do you see any issue with this route?

If you are checking for a locally stored cookie, do ensure there are some checks (out of sight of the user) to check the validity of that cookie and any other stored cookies/data.

You might find this video from Egghead useful


Some great info in there, thanks!

For some reason calling netlifyIdentity.currentUser() is working now instead of checking local storage. I also found a link in another forum about how to handle the expiration through the goTrue JS source code: gotrue-js/user.js at main · netlify/gotrue-js · GitHub

Looks like a similar function could compare when the token was created against a custom expiration limit and then force the user to log in again. Posting here in case anyone else is looking for a similar answer.


Netlify Identity does not work with CLI: [feature] local emulation of Netlify Identity · Issue #440 · netlify/cli · GitHub, at least not till you provide your own JWT secret. To keep the secret consistent with CLI and production, you’d have to be on the Business plan that allows setting a custom JWT secret.
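
Added example (not part of any post in this thread, and not Netlify's or gotrue-js's code): a server-side check of the kind the replies above describe, validating the stored token out of sight of the user and rejecting it once it has expired or lacks the role. It assumes an HS256-signed token and that the checking code holds the site's JWT secret; `checkIdentityToken`, `signSample` and the demo values are hypothetical names and constructed data.

```javascript
const nodeCrypto = require("crypto");

// Assumption: HS256-signed token; `secret` is the site's JWT secret, held server-side only.
// rolePath mirrors jwtRolePath from netlify.toml. Returns { ok, reason, claims? }.
function checkIdentityToken(token, secret, opts = {}) {
  const { requiredRole, rolePath = "app_metadata.roles" } = opts;
  const nowSec = opts.nowSec ?? Math.floor(Date.now() / 1000);
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch (e) {
    return { ok: false, reason: "malformed" };
  }
  if (header == null || claims == null) return { ok: false, reason: "malformed" };
  // Pin the algorithm instead of trusting the header (rejects "none").
  if (header.alg !== "HS256") return { ok: false, reason: "bad-alg" };
  const expected = nodeCrypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  // Expiry is checked only after the signature, so a forged exp is never trusted.
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) {
    return { ok: false, reason: "expired" };
  }
  const roles = rolePath.split(".").reduce((o, k) => (o == null ? undefined : o[k]), claims);
  if (requiredRole && !(Array.isArray(roles) && roles.includes(requiredRole))) {
    return { ok: false, reason: "missing-role" };
  }
  return { ok: true, reason: "ok", claims };
}

// Constructed sample data: signs a demo token so the example runs offline.
function signSample(claims, secret, alg = "HS256") {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc({ alg, typ: "JWT" })}.${enc(claims)}`;
  return `${body}.${nodeCrypto.createHmac("sha256", secret).update(body).digest("base64url")}`;
}

const DEMO_SECRET = "constructed-demo-secret";
const DEMO_NOW = 1700000000;
const demoToken = signSample(
  { exp: DEMO_NOW + 3600, app_metadata: { roles: ["registered_user"] } }, DEMO_SECRET);
const demoOpts = { requiredRole: "registered_user", nowSec: DEMO_NOW };
console.log(checkIdentityToken(demoToken, DEMO_SECRET, demoOpts).reason);
console.log(checkIdentityToken(demoToken, DEMO_SECRET, { ...demoOpts, nowSec: DEMO_NOW + 7200 }).reason);
```

A cookie or localStorage entry that merely exists proves nothing; only a result of `ok: true` from a check like this, run where the user cannot alter it, should unlock protected content.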