[SDK-2813] Add afterRefresh hook #506
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/auth0/nextjs-auth0/4mQhJEqNvqYyuSTnpmfTAqLGXhW1 [Deployment for 5905f47 canceled] |
Widcket
reviewed
Sep 28, 2021
src/session/get-access-token.ts
Outdated
| session = await accessTokenRequest.afterRefresh(req as NextApiRequest, res as NextApiResponse, session); | ||
| } | ||
|
|
||
| sessionCache.set(req, res, session as Session); |
There was a problem hiding this comment.
Why does this require a cast, given that successfully awaiting afterRefresh produces a Session?
There was a problem hiding this comment.
sessionCache.get can return undefined (if a session hasn't been estabilished) and TS isn't smart enough to know that there is a session if client.refresh is successful
There was a problem hiding this comment.
Actually, my bad, I don't need to cast it - will fix, thanks
Widcket
previously approved these changes
Sep 28, 2021
Widcket
approved these changes
Sep 28, 2021
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
When the Access Token is refreshed, the session gets a new set of tokens (Access Token, ID Token, Refresh Token).
Our advice for dealing with large cookies is to delete optional data from the session (like ID Token in some cases).
In order to do this and have the tokens refreshed, we need to add another hook (this time to
getAccessToken) that allows you to modify the session, so that changes like removing the ID Token inafterCallbackaren't reverted ingetAccessTokenwhen the session is refreshed.Ideally we'd have a
sessionUpdatedhook, that runs accross all scenarios where a session is updated, but we don't have a place to configure a non literal config globally (all config should be able to be defined as an environment variable and I don't want to introduce features that requireinitAuth) so we'll have to make do with these 3 hooks:afterCallback: When the session is establised including tokens and userafterRefetch: When the user is potentially updated from/userinfoafterRefresh: When the tokens are potentially updated from the Refresh grantReferences
Fixes #416
See updated FAQ
Testing
Checklist
main