use useProfile instead of user#185
Conversation
|
Warning Review limit reached
More reviews will be available in 59 minutes and 11 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
📝 WalkthroughWalkthroughThe PR updates AppTopBar selector equality, adds a silent-renew authentication component, and changes app startup to route silent-renew callbacks through a dedicated entry path with cached IdP settings support. ChangesUser Profile Selector Equality
Silent Renew Startup Flow
Suggested reviewers
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/services/apps-metadata.ts (1)
35-45: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueCached IdP settings can serve stale config until a full app reload.
getCachedIdpSettingsreturns the cached value without any freshness/version check, and the cache is only refreshed byfetchIdpSettingson a full app load. IfidpSettings.jsonchanges (e.g. authority/clientId rotation) while a long-lived session keeps performing silent renews without a full reload, the iframe will keep using the old settings. This matches the PR's stated design, but consider a TTL or version stamp if config can change mid-session.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/services/apps-metadata.ts` around lines 35 - 45, `getCachedIdpSettings` currently returns whatever is in localStorage with no freshness check, so long-lived sessions can keep using stale IdP config. Update the caching flow in `getCachedIdpSettings`/`fetchIdpSettings` to validate cache freshness before reusing it, such as by storing and checking a TTL or version stamp alongside `IDP_SETTINGS_CACHE_KEY`. If the cached metadata is missing, expired, or version-mismatched, fall back to `fetchIdpSettings` and refresh the cache.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/services/apps-metadata.ts`:
- Around line 35-45: `getCachedIdpSettings` currently returns whatever is in
localStorage with no freshness check, so long-lived sessions can keep using
stale IdP config. Update the caching flow in
`getCachedIdpSettings`/`fetchIdpSettings` to validate cache freshness before
reusing it, such as by storing and checking a TTL or version stamp alongside
`IDP_SETTINGS_CACHE_KEY`. If the cached metadata is missing, expired, or
version-mismatched, fall back to `fetchIdpSettings` and refresh the cache.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 72b88294-7232-4e50-8b6b-019a81796e78
📒 Files selected for processing (5)
silent-renew.tsxsrc/index.tsxsrc/module-core-js-array-flat-map.d.tssrc/module-typeface-roboto.d.tssrc/services/apps-metadata.ts
✅ Files skipped from review due to trivial changes (2)
- src/module-core-js-array-flat-map.d.ts
- src/module-typeface-roboto.d.ts
|



PR Summary
Context
On every OIDC silent renew, oidc-client-ts loads
/silent-renew-callbackinside ahidden iframe. Because
index.tsxalways rendered<AppWrapper />, the entireapplication was bootstrapped inside that iframe just to end up calling
signinSilentCallback(): Redux store,IntlProviderand all translations,AG Grid registration, MUI theme,
SnackbarProviderandNotificationsProvider.NotificationsProvideradditionally fetchedenv.jsonand opened a notificationWebSocket on each renewal — all of it pure overhead repeated at every token refresh.
Changes
index.tsx: branch on the pathname before rendering. On/silent-renew-callbackrender a new lightweight
SilentRenewApp; otherwise render<AppWrapper />as before.components/silent-renew-app.tsx: rebuilds theUserManagerviainitializeAuthenticationProd(..., isSilentRenew=true, ...)(same settings, samelocalStoragestate store, same Azure authority hack as the parent) and completesthe flow through commons-ui's
SilentRenewCallbackHandler.utils/rest-api.ts:fetchIdpSettingsnow caches the result inlocalStorage;added
getCachedIdpSettings, used only by the silent-renew path, which reads thatcache (no network) and falls back to a real fetch if it is missing/corrupted.
Result
Inside the silent-renew iframe, requests go from a full SPA boot
(
idpSettings.json+env.json+ WebSocket + app bundle execution) down to asingle
POST /token— the actual token exchange. No more spurious WebSocketreconnections triggered by the renewal iframe.
Testing
env.json, no longerre-fetches
idpSettings.json, and does not open a WebSocket — onlyPOST /tokenremains.notification WebSocket is not reconnected on each cycle.