Bug: Agent Profile Contact Lookup Forces Logout/Redirect

Status

OPEN - Not blocking hierarchy/rate plan onboarding (deferred)

Summary

Clicking “Lookup” on the Agent Mapping page (/admin/identity-overrides) for an agent profile contact redirects the admin to the login page (the session appears to be dropped) instead of displaying the agent’s details and allowing them to be edited.

Reproduction Steps

  1. Navigate to /admin/identity-overrides (Agent Mapping page)
  2. Find an agent using the search functionality
  3. Click “Lookup” button for the agent

Observed Behavior

  • User is immediately redirected to login page
  • Session appears to be terminated/logged out
  • No agent details are displayed
  • No error message shown to user

Expected Behavior

  • Agent details should be displayed in a modal or detail view
  • User should be able to edit agent profile contact information
  • No logout/redirect should occur

Impact

  • Severity: Medium
  • Priority: Low (deferred - not blocking hierarchy/rate plan onboarding)
  • Affected Users: Admins using Agent Mapping page for profile lookups

Investigation Tasks (Future)

1. Network Request Analysis

  • Check the Network tab in DevTools when clicking “Lookup”
  • Verify the request includes an Authorization header (Bearer token)
  • Verify the request includes an X-Org-Id header (if required)
  • Capture the exact endpoint URL being called
  • Capture the request method (GET/POST/etc.)
  • Capture the request payload (if any)
  • Compare the captured request with one from a lookup/edit flow that works, header by header

2. Backend Endpoint Verification

  • Identify the backend endpoint handler for agent profile contact lookup
  • Check the endpoint’s authentication requirements
  • Record which status code the endpoint actually returns for this request:
    • 401 Unauthorized (token missing, expired or invalid)?
    • 403 Forbidden (token valid but wrong tenant/org or insufficient role)?
    • 404 Not Found (route mismatch or agent not found)?
  • Check backend logs for authentication failures
  • Verify the endpoint respects tenant/org scoping (it should return 403, not 401, for a valid token scoped to another org)

3. Frontend Auth Guard Analysis

  • Locate frontend code that handles “Lookup” button click
  • Identify auth guard/interceptor that triggers redirect
  • Check if redirect happens on:
    • 401 Unauthorized response
    • 403 Forbidden response
    • Missing/invalid token
    • Missing org header
  • Verify if redirect is intentional or buggy behavior

4. Root Cause Analysis

  • Determine if issue is:
    • Missing Authorization header
    • Missing X-Org-Id header
    • Expired/invalid token
    • Backend endpoint returning wrong status code
    • Frontend auth guard too aggressive
    • CORS issue
    • Other authentication/authorization issue

Proposed Fix (Future)

Option A: Fix Request Headers

  • Ensure Authorization header is included in lookup request
  • Ensure X-Org-Id header is included (if required)
  • Use same header logic as other working endpoints

Option B: Fix Auth Guard Behavior

  • Handle 401 gracefully (attempt a token refresh, then retry the request once)
  • Show an inline error message instead of redirecting
  • Only redirect to login if the token refresh fails (or the retry is still 401)
  • Distinguish 401 (authentication) from 403 (authorization): a 403 means the session is valid and must never log the user out

Option C: Fix Backend Endpoint

  • Ensure endpoint returns correct status codes
  • Ensure endpoint validates auth correctly
  • Ensure endpoint respects tenant/org scoping

Related Files

  • dashboard/src/features/agentMapping/components/ (Lookup button handler)
  • dashboard/src/features/agentMapping/api/agentMappingClient.ts (API client)
  • dashboard/src/lib/apiClient.ts (Auth interceptor)
  • dashboard/src/lib/recoverableAuthError.ts (Error handling)
  • api/routes/admin.py or api/routes/agent_mapping.py (Backend endpoint)
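The following is an added example, not code from the dashboard or the API. It models the behaviour the three options above describe in one place, so the auth-guard decisions listed under Investigation Task 3 can be exercised offline: Option A’s header logic (Bearer token plus X-Org-Id), Option B’s guard (refresh once on 401, inline error on 403/404, redirect only when refresh fails), and a constructed fake backend that follows Option C’s status-code contract. Every name below (AuthSession, Transport, buildLookupRequest, lookupAgentProfile, makeFakeBackend, the /api/admin/agent-mapping/ path) is an assumption made for illustration, not an identifier from the project.

```typescript
// Added example: a model of the Lookup call and its auth guard. Not the
// project's own code; all names and the endpoint path are assumptions.

type HttpMethod = "GET" | "POST";

export interface ApiRequest {
  method: HttpMethod;
  url: string;
  headers: Record<string, string>;
}

export interface ApiResponse {
  status: number;
  body?: unknown;
}

// Pluggable HTTP layer so the guard logic can be driven by a fake backend.
export type Transport = (req: ApiRequest) => ApiResponse;

export interface AuthSession {
  accessToken: string | null;
  orgId: string | null;
  // Returns a fresh access token, or null when the refresh itself fails.
  refresh: () => string | null;
}

export type LookupOutcome =
  | { kind: "ok"; agent: unknown }
  | { kind: "inline_error"; status: number; message: string }
  | { kind: "redirect_to_login"; reason: string };

// Option A: same header logic as the working endpoints: Bearer token plus
// tenant scope header whenever the session has an org selected.
export function buildLookupRequest(session: AuthSession, agentId: string): ApiRequest {
  const headers: Record<string, string> = {
    Authorization: `Bearer ${session.accessToken}`,
  };
  if (session.orgId !== null) {
    headers["X-Org-Id"] = session.orgId;
  }
  return {
    method: "GET",
    url: `/api/admin/agent-mapping/${encodeURIComponent(agentId)}`, // assumed path
    headers,
  };
}

// Option B: decide per status code. Only a failed refresh (or a 401 that
// survives the refresh) sends the admin back to the login page.
export function lookupAgentProfile(
  transport: Transport,
  session: AuthSession,
  agentId: string,
): LookupOutcome {
  if (session.accessToken === null) {
    return { kind: "redirect_to_login", reason: "no access token in session" };
  }

  let res = transport(buildLookupRequest(session, agentId));

  if (res.status === 401) {
    // Authentication failed: one silent refresh, then exactly one retry.
    const fresh = session.refresh();
    if (fresh === null) {
      return { kind: "redirect_to_login", reason: "token refresh failed" };
    }
    session.accessToken = fresh;
    res = transport(buildLookupRequest(session, agentId));
    if (res.status === 401) {
      return { kind: "redirect_to_login", reason: "still 401 after refresh" };
    }
  }

  if (res.status === 403) {
    // Authorization failed: the session is valid, so never log the user out.
    return {
      kind: "inline_error",
      status: 403,
      message: "You are not allowed to view this agent profile in the current org.",
    };
  }
  if (res.status === 404) {
    return { kind: "inline_error", status: 404, message: "Agent not found." };
  }
  if (res.status >= 200 && res.status < 300) {
    return { kind: "ok", agent: res.body };
  }
  return { kind: "inline_error", status: res.status, message: `Lookup failed (HTTP ${res.status}).` };
}

// Constructed fake backend with the status-code contract from Option C:
// 401 for a bad/missing bearer, 403 for a missing or foreign X-Org-Id,
// 404 for an unknown agent, 200 with the record otherwise.
export function makeFakeBackend(
  validToken: string,
  orgId: string,
  agents: Record<string, unknown>,
): Transport {
  return (req) => {
    if (req.headers.Authorization !== `Bearer ${validToken}`) return { status: 401 };
    if (req.headers["X-Org-Id"] !== orgId) return { status: 403 };
    const id = decodeURIComponent(req.url.split("/").pop() ?? "");
    const agent = agents[id];
    return agent === undefined ? { status: 404 } : { status: 200, body: agent };
  };
}
```

To reproduce each row of Investigation Task 3 offline, build one AuthSession per case (stale token with a working refresh, stale token with a failing refresh, valid token with orgId set to null, valid token with an unknown agent id) and check the returned kind: only the failing-refresh and missing-token cases should yield redirect_to_login; a 403 from a missing X-Org-Id must come back as an inline_error, which is the case the current guard appears to get wrong.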

Notes

  • This bug is deferred until hierarchy/rate plan onboarding is complete
  • May be related to recent auth/header changes in bulk import flow
  • Similar patterns may exist in other lookup/edit flows

Created

2025-01-XX (Date to be filled)

Updated

2025-01-XX (Date to be filled)