From d49b3398cb50716bb9940b9e6291615ffe98e898 Mon Sep 17 00:00:00 2001
From: Erez Sharim <erez@crossid.io>
Date: Thu, 30 Dec 2021 13:10:19 +0200
Subject: [PATCH] fixes an issue thay caused the private route to not redirect
 correctly when idtoken is expired

---
 src/with-auth.tsx | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/with-auth.tsx b/src/with-auth.tsx
index 072d285..b113d6f 100644
--- a/src/with-auth.tsx
+++ b/src/with-auth.tsx
@@ -1,5 +1,5 @@
 import { AuthorizationOpts } from '@crossid/crossid-spa-js'
-import React, { useEffect, useRef, useState } from 'react'
+import React, { useEffect, useRef } from 'react'
 import { useAuth } from './use-auth'
 
 export interface AuthRequiredOpts {
@@ -9,6 +9,11 @@ export interface AuthRequiredOpts {
 
 const defaultReturnTo = (): string => `${window.location.pathname}${window.location.search}`
 
+const isExpired = (exp: number): boolean => {
+  const nowSecondsTS = Date.now() / 1000
+  return nowSecondsTS >= exp
+}
+
 /**
  * a high order component that renders children only if user is authenticated.
  * anonymous visitors will be redirected to the login page.
@@ -25,7 +30,7 @@ export function withAuth<T>(WrappedComponent: React.ComponentType<T>, opts: Auth
     const { return_to = defaultReturnTo, login_opts } = opts
 
     // todo consider authorization restrictions by letting the user pass some claims assertions.
-    const authenticated = !!idToken
+    const authenticated = !!idToken && !isExpired(idToken.exp || 0)
 
     useEffect(() => {
       rendered.current = true