Skip to content

fix: auth race condition when using the SDK in the Studio structure #646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

fix: auth race condition when using the SDK in the Studio structure #646

wants to merge 5 commits into from

Conversation

ryanbonial
Copy link
Member

@ryanbonial ryanbonial commented Oct 1, 2025
edited
Loading

Description

This PR improves Studio Mode authentication by using project-specific storage keys for tokens and properly handling authentication in Studio Mode contexts. It ensures that Studio Mode authentication works correctly by using the appropriate storage keys, bypassing organization verification, and using project hostnames for API requests when in Studio Mode.

What to review

  • Check the changes in subscribeToStateAndFetchCurrentUser.ts where project hostname is now used when Studio Mode is enabled
  • Review the AuthBoundary.tsx modifications that disable organization verification when in Studio Mode
  • Verify the comment update in ComlinkTokenRefreshProvider that clarifies when token refresh is not needed

Testing

The easiest way to test this is by using the code in the SDK movie procurement studio
https://github.com/sanity-io/sdk-movie-procurement-studio/blob/main/sanity.config.ts#L24

Tested the authentication flow with Studio Mode enabled and verified that:

  • Organization verification is skipped
  • The project hostname is used for user fetching

Fun gif

race pigs

@ryanbonial ryanbonial requested a review from a team as a code owner October 1, 2025 18:21
@vercel Vercel
Copy link

vercel bot commented Oct 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
sdk-docs Ready Ready Preview Comment Oct 3, 2025 5:09pm
sdk-kitchensink-react Ready Ready Preview Comment Oct 3, 2025 5:09pm

@ryanbonial ryanbonial requested a review from cngonzalez October 1, 2025 21:19
@cngonzalez
Copy link
Member

What's the best way to test this in the procurement studio? pnpm link? Afraid I'm still getting the 403 but could be on me

@ryanbonial
Copy link
Member Author

ryanbonial commented Oct 2, 2025
edited
Loading

The best way to test is to

  1. pull down this branch
  2. run pnpm run build of this branch
  3. clone https://github.com/sanity-io/sdk-movie-procurement-studio
  4. add the sdk-movie-procurement-studio package.json 
      "pnpm": {
    "overrides": {
      "@sanity/sdk-react": "../sdk/packages/react"
    }
  },
  5. run pnpm i
  6. run pnpm run deploy to deploy the studio to https://www.sanity.io/@oblZgbTFj/studio/x8vnqr5igs0l6nd9bfc0vu8d/default/structure (this bug seems to only happen when deployed)
  7. Reload the studio via the browser, click in and out of the studio, etc to test it

cngonzalez
cngonzalez previously approved these changes Oct 2, 2025
View reviewed changes
Copy link
Member

@cngonzalez cngonzalez left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nothing in the code sticks out as strange, but just reporting that I did get the 403 on first load (I think I did a login flow first). Refreshing / pressing retry did help. Not sure if that is the intended result.

I wasn't able to recreate by logging out of the dashboard and trying again, so it could also have been a case of staleness somewhere (I did get a 502 in one of my attempts to recreate 😬 )

Screenshot 2025-10-02 at 12 53 04 PM Screenshot 2025-10-02 at 12 55 02 PM

@ryanbonial
refactor(auth): update storage key handling for studio mode
4cd66f0 
- Changed the storage key logic to use a studio-specific key when studio mode is enabled.
- Updated tests to reflect changes in storage key usage and ensure correct behavior in studio mode.
- Improved test descriptions for clarity regarding studio mode conditions.
@ryanbonial
Copy link
Member Author

@cngonzalez I have made some changes and I'm pretty sure that I have resolved the race condition thoroughly now.

@ryanbonial ryanbonial requested a review from cngonzalez October 3, 2025 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laurenashpole laurenashpole Awaiting requested review from laurenashpole laurenashpole is a code owner automatically assigned from sanity-io/sdk

@cngonzalez cngonzalez Awaiting requested review from cngonzalez

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ryanbonial @cngonzalez