[SDK-1279] getTokenSilently retry logic #336
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joshcanhelp
reviewed
Jan 17, 2020
src/constants.ts
Outdated
| /** | ||
| * @ignore | ||
| */ | ||
| export const DEFAULT_SILENT_TOKEN_RETRY_COUNT = 5; |
There was a problem hiding this comment.
This doesn't look like it's configurable ... is it? Shouldn't it be? Also, default 5 times seems like a lot ...
There was a problem hiding this comment.
I started down the road of making it configurable but ultimately it feels like as a first pass it would be better to set this to something and see what feedback we get around it. It might be what we have right now (a sensible default) is enough for 99% of cases.
I'm not precious about the 5, but if you feel it's too high, the only other number I suggest would be 3. WYDT?
There was a problem hiding this comment.
As long as you think this has been built in a way to make adding that config easily, then I'm 👍
Given that the timeout is 60 seconds (😮), 5 retries is potentially ... 6 minutes?? Is the UI frozen for that time? For network failures I feel like 1, maybe 2 is sufficient.
There was a problem hiding this comment.
Ah, so the timeout you're referring to is our own timeout for the /authorize call when using an iframe. You raise a good point though, I'm not sure what the default timeout for fetch is when it comes to network errors - let me check that out first.
There was a problem hiding this comment.
To circle back on this, fetch itself doesn't prescribe any time out at all. So it will essentially wait until something fails before returning.
To combat this, I will wrap the fetch call and the retries in a wrapper than enforces a timeout, say, 10 seconds, and lower the retry count to 3. How does that sound?
stevehobbsdev
force-pushed
the
release/rtr
branch
from
87430c1
to
2ef25e6
Compare
|
@stevehobbsdev - Feel free to ping me when this is back in shape! I removed myself as a reviewer just so it's off my queue for now. |
stevehobbsdev
force-pushed
the
rtr/retry
branch
from
f0095df
to
e196a80
Compare
|
@joshcanhelp This is ready for you to look at again please. |
stevehobbsdev
requested review from
a team and
joshcanhelp
and removed request for
joshcanhelp
joshcanhelp
approved these changes
Feb 11, 2020
| const response = await fetch(url, options); | ||
| const fetchWithTimeout = (url, options, timeout = DEFAULT_FETCH_TIMEOUT_MS) => { | ||
| // The promise will resolve with one of these two promises (the fetch and the timeout), whichever completes first. | ||
| return Promise.race([ |
There was a problem hiding this comment.
Promise.race ... handy!
There was a problem hiding this comment.
I assume this ends the fetch() process so that's not being tried in the background while the app continues?
lbalmaceda
reviewed
Feb 11, 2020
There was a problem hiding this comment.
@stevehobbsdev Can you summarize what is the difference between the existing getJSON method and the newly introduced fetchWithTimeout? Both receive a timeout param and that confuses me.
I left a few more comments as well
| // The promise will resolve with one of these two promises (the fetch and the timeout), whichever completes first. | ||
| return Promise.race([ | ||
| fetch(url, options), | ||
| new Promise((_, reject) => { |
There was a problem hiding this comment.
I'm sure this works for rejecting the promise early and eventually retrying. But to me, it feels like the timeout should be a feature/option of the node-fetch library. Because, if timeout kicks in, the request should be correctly canceled and that's only something the client can do.
There was a problem hiding this comment.
You are perhaps correct. However, we don't use node-fetch here, it's just the browsers Fetch API (polyfilled using promise-polyfill and that has no protocol whatsoever for requests timing out. It will wait indefinitely for a response or until the connection drops.
There was a problem hiding this comment.
Then, do we get a way to cancel that fetch(url, options) promise gracefully?
There was a problem hiding this comment.
Yes, I've done some research into this and we can cancel fetch through the use of AbortController. However, it has no support on IE11 and thus would require a polyfill and would bump the size of the package.
Let me investigate how big that bump would be and come back to you.
There was a problem hiding this comment.
@lbalmaceda I've implemented AbortController now and added a polyfill for IE11.
The polyfill bumps the distributed package size up to 16.55kb, a 12.4% increase.
There was a problem hiding this comment.
That doesn't seem like a huge increment, but I'd leave that to your discretion. Polyfill Q: Is there any way of only importing it on IE or is this something that if added, must be added in a general way?
There was a problem hiding this comment.
As it's all bundled, we have to add it in a generic way.
@lbalmaceda |
lbalmaceda
suggested changes
Feb 13, 2020
| timeout | ||
| ); | ||
| setTimeout(() => { | ||
| controller.abort(); |
There was a problem hiding this comment.
Please make sure to test this call, I guess we could pass a mocked controller and asser the abort function got called in it?
There was a problem hiding this comment.
I don't think passing the AbortController through is the right call, but I have another idea. Stand by for an update on this tomorrow.
There was a problem hiding this comment.
@lbalmaceda I've added a way to test this, please re-review.
| // The promise will resolve with one of these two promises (the fetch and the timeout), whichever completes first. | ||
| return Promise.race([ | ||
| fetch(url, options), | ||
| new Promise((_, reject) => { |
There was a problem hiding this comment.
That doesn't seem like a huge increment, but I'd leave that to your discretion. Polyfill Q: Is there any way of only importing it on IE or is this something that if added, must be added in a general way?
lbalmaceda
approved these changes
Feb 14, 2020
|
@lbalmaceda thank you for being thorough! |
stevehobbsdev
pushed a commit
that referenced
this pull request
Apr 15, 2020
* Export types from global TypeScript file. * Fix BaseLoginOptions JSDoc. * Fix Auth0Client export and integration tests. * Prevent breaking changes with type and import. * Add export for Auth0Client type. * [SDK-1178] Local Storage caching mechanism (#303) * Refactored existing cache * Renamed to InMemoryCache * Removed default export * Added ICache * Refactored tests * Auth0Client now uses ICache instead of implemented cache type * Added ability to configure cache strategy * Added VS Code debug configuration for running tests * Implemented local storage cache * Made use of "in" to check presence of key in object * Refactored playground page to use Vue + Bootstrap * Added ability to clear the token cache Added clear() to the ICache interface, meaning that this had to be applied to the memory and localstorage caches. Made use of jest-localstorage-mock package for easier testing with localstorage, making the clear method easier to test for the LocalStorageCache implementation. * Revamped the playground page with Vue and Bootstrap additions * Vulnerable dependency update * Added a section in the readme about the caching strategy * Fixed integration tests * Readme wording * Refactored how items are cleared from local storage * Refactored cache key * Readme tweak to make what 'data' is more clear * Renamed cacheStrategy option to cacheLocation * Cache now includes client_id in key * [SDK-1179] Support for rotating refresh tokens (#315) * Refactored getting token using iframe into its own method * Implemented getTokenUsingRefreshToken * Fixed up the playground page to support refresh tokens * Set offline_access scope during initialization * Added error condition for when a refresh token isn't stored or no cache exists * Removed specification of audience when calling token endpoint * Clarified docs on useRefreshTokens * Simplified usage of getUniqueScopes in index.ts * Fixed some playground syntax issues for IE11 * Playground now shows auth info on load if authenticated * Simplified integration tests * Added more integration tests around getting access tokens * Encoded the nonce value when building authorize URLs * Renamed encodeState to encode * Fixed broken integration test * Release 1.7.0-beta.1 (#327) * Release 1.7.0-beta.1 * Tweaked intermittently-failing test * Fixed issue with cache not retaining refresh token (#333) * Fixed issue with cache not retaining refresh token * Fix integration tests * Removed unused core-js import * Extracted 1 day in seconds value to a constant * Applied comment to be consistant with related test * Applied brace styling for consistancy * Reworked expiry tests to mock date instead of using negative exp * Added some comments to the cache tests to explain the test scenario * Cleaned up JS return statement styling * Prepare 1.7.0-beta.2 (#334) * Wrapped InMemoryCache implementation in a closure (#337) * Reinstated lock on getTokenSilently * Fixed up code + tests after rebase * Fixed up types * Removed undesirables from the docs generation * [SDK-1352] Removed setTimeout cache removal in favour of removal-on-read (#354) * Removed setTimeout cache expiry in favour of expiry-on-read * Replace magic values with a constant * [SDK-1279] getTokenSilently retry logic (#336) * Added retry logic to getJSON * Moved retry count to a constant * Reverted changes to oauthToken * Reduced retry count to 3 * Implemented a timeout around the fetch call * Made the fetch timeout a default value and adjusted tests * Fixed broken test after merge * Implemented AbortController to abort fetch on timeout * Added abortcontroller polyfill * Created factory function for AbortController to be mocked and tested * [SDK-1352] Stop checking `isAuthenticated` cookie on initialization when using local storage (#352) * Changes to the initialization strategy * Removed unused import from a test * Release 1.7.0-beta.3 (#358) * Fix error in library type definitions (#367) `// @ts-ignore` comment is not preserved in the generated type definition, which means that library ships broken type definitions and consumers will get an error when they attempt to use it. Reproduction: ``` $ npm i @auth0/[email protected] typescript $ cat index.ts import c from '@auth0/auth0-spa-js'; $ ./node_modules/.bin/tsc --noEmit index.ts node_modules/@auth0/auth0-spa-js/dist/typings/index.d.ts:9:8 - error TS2440: Import declaration conflicts with local declaration of 'Auth0Client'. 9 import Auth0Client from './Auth0Client'; ~~~~~~~~~~~ Found 1 error. ``` * [SDK-1386] Fall back to iframe method if no refresh token is available (#364) * Logic falls back to the iframe method when no refresh token is found * Cleaned up a variable name * Updated integration test * Release 1.7.0-beta.4 (#370) * Updated cache configuration instructions in the readme * Removed unused cacheStrategy param from buildAuthorizeUrl * [SDK-1379] Export constructor (#385) Export constructor * Release 1.7.0-beta.5 (#393) * [SDK-1507] Dependency upgrade (#405) * Ran npm audit fix * Updated packages within semver * Updated typedoc * Updated rollup to 2.3.3 + plugins * Updated idtoken-verifier to 2.0.2 * Fixed warnings on async describe blocks * Updated prettier/pretty-quick * Updated Husky and ran husky-upgrade * Updated Cypress, wait-on and concurrently * Upgraded tslint * Updated circle image * [SDK-1516] Web Workers (#409) * fetch in a web worker * token worker * known issue: doesn't work if user already logged in (need authorization_code grant_type to populate the refresh token) * add iframe fallback * fix tests * We want to load: `rollup-plugin-worker-loader::module:./token.worker.ts` But not: rollup-plugin-worker-loader::module:/Users/adammcgrath/dev/auth0-spa-js/src/token.worker.ts TODO: check windows * Fixed ES5 transpilation for rollup worker plugin * Make messages serializable using `JSON.parse(JSON.stringify({}))` Swap imports per https://github.com/mo/abortcontroller-polyfill/blob/3f1c13d2e4087ee15ded81786f1110ae547931bb/README.md#using-it-on-internet-explorer-11-msie11 * only use worker for non ie, local refresh token opts TODO: fix tests * Fix tests * Removed refresh token from worker memory when not included in response * Moved offline_access scope configuration to constructor * Modified playground to use both factory func and constructor * Remove Object.assign * Remove checks to fix rebuild issue * Abort timed out requests in the Web Worker * Errors * Fix tests * Add some more tests * DRY up the tests a little * Moar tests * unused import * update rollup-plugin-web-worker-loader don't run `addEventListener` in tests add test for missing refresh token and localstorage * add timeout tests * add browser tests * Only include files in the typings copy process * Fix fallback logic when no RT and no worker * add browser tests and comments * bump node version in Jenkinsfile * Removed unused import * Added sanity check for web worker support * Fixed tests for window.Worker check * Moved constructor tests into Auth0Client Co-authored-by: Steve Hobbs <[email protected]> * Updated readme with info on refresh tokens (#415) * Implemented fallback to iframe when given specific audience (#414) * Check if iframe is still in body before removing (#399) If the iframe is removed from the DOM prior to the timeout it would error on removeChild. Error thrown: `Uncaught DOMException: Failed to execute 'removeChild' on 'Node': The node to be removed is not a child of this node.` Bug introduced in #376 Co-authored-by: Steve Hobbs <[email protected]> * Check if source of event exists before closing it (#410) When the iframe is closed, the source of the event message is null, resulting in an error: Cannot read property 'close' of undefined (Chrome). Co-authored-by: Steve Hobbs <[email protected]> * Removed unused error import Co-authored-by: maxswa <[email protected]> Co-authored-by: Yaroslav Admin <[email protected]> Co-authored-by: Adam Mcgrath <[email protected]> Co-authored-by: Paul Falgout <[email protected]> Co-authored-by: gerritdeperrit <[email protected]>
picosam
added a commit
to picosam/auth0-spa-js
that referenced
this pull request
May 12, 2020
* Fix typings to allow custom claims in ID token (auth0#386) * Update global.ts * fix: allow any value in unknown id token claim * Run release:clean at the end of the release process (auth0#395) * Merge 1.7.0 beta branch (auth0#419) * Export types from global TypeScript file. * Fix BaseLoginOptions JSDoc. * Fix Auth0Client export and integration tests. * Prevent breaking changes with type and import. * Add export for Auth0Client type. * [SDK-1178] Local Storage caching mechanism (auth0#303) * Refactored existing cache * Renamed to InMemoryCache * Removed default export * Added ICache * Refactored tests * Auth0Client now uses ICache instead of implemented cache type * Added ability to configure cache strategy * Added VS Code debug configuration for running tests * Implemented local storage cache * Made use of "in" to check presence of key in object * Refactored playground page to use Vue + Bootstrap * Added ability to clear the token cache Added clear() to the ICache interface, meaning that this had to be applied to the memory and localstorage caches. Made use of jest-localstorage-mock package for easier testing with localstorage, making the clear method easier to test for the LocalStorageCache implementation. * Revamped the playground page with Vue and Bootstrap additions * Vulnerable dependency update * Added a section in the readme about the caching strategy * Fixed integration tests * Readme wording * Refactored how items are cleared from local storage * Refactored cache key * Readme tweak to make what 'data' is more clear * Renamed cacheStrategy option to cacheLocation * Cache now includes client_id in key * [SDK-1179] Support for rotating refresh tokens (auth0#315) * Refactored getting token using iframe into its own method * Implemented getTokenUsingRefreshToken * Fixed up the playground page to support refresh tokens * Set offline_access scope during initialization * Added error condition for when a refresh token isn't stored or no cache exists * Removed specification of audience when calling token endpoint * Clarified docs on useRefreshTokens * Simplified usage of getUniqueScopes in index.ts * Fixed some playground syntax issues for IE11 * Playground now shows auth info on load if authenticated * Simplified integration tests * Added more integration tests around getting access tokens * Encoded the nonce value when building authorize URLs * Renamed encodeState to encode * Fixed broken integration test * Release 1.7.0-beta.1 (auth0#327) * Release 1.7.0-beta.1 * Tweaked intermittently-failing test * Fixed issue with cache not retaining refresh token (auth0#333) * Fixed issue with cache not retaining refresh token * Fix integration tests * Removed unused core-js import * Extracted 1 day in seconds value to a constant * Applied comment to be consistant with related test * Applied brace styling for consistancy * Reworked expiry tests to mock date instead of using negative exp * Added some comments to the cache tests to explain the test scenario * Cleaned up JS return statement styling * Prepare 1.7.0-beta.2 (auth0#334) * Wrapped InMemoryCache implementation in a closure (auth0#337) * Reinstated lock on getTokenSilently * Fixed up code + tests after rebase * Fixed up types * Removed undesirables from the docs generation * [SDK-1352] Removed setTimeout cache removal in favour of removal-on-read (auth0#354) * Removed setTimeout cache expiry in favour of expiry-on-read * Replace magic values with a constant * [SDK-1279] getTokenSilently retry logic (auth0#336) * Added retry logic to getJSON * Moved retry count to a constant * Reverted changes to oauthToken * Reduced retry count to 3 * Implemented a timeout around the fetch call * Made the fetch timeout a default value and adjusted tests * Fixed broken test after merge * Implemented AbortController to abort fetch on timeout * Added abortcontroller polyfill * Created factory function for AbortController to be mocked and tested * [SDK-1352] Stop checking `isAuthenticated` cookie on initialization when using local storage (auth0#352) * Changes to the initialization strategy * Removed unused import from a test * Release 1.7.0-beta.3 (auth0#358) * Fix error in library type definitions (auth0#367) `// @ts-ignore` comment is not preserved in the generated type definition, which means that library ships broken type definitions and consumers will get an error when they attempt to use it. Reproduction: ``` $ npm i @auth0/[email protected] typescript $ cat index.ts import c from '@auth0/auth0-spa-js'; $ ./node_modules/.bin/tsc --noEmit index.ts node_modules/@auth0/auth0-spa-js/dist/typings/index.d.ts:9:8 - error TS2440: Import declaration conflicts with local declaration of 'Auth0Client'. 9 import Auth0Client from './Auth0Client'; ~~~~~~~~~~~ Found 1 error. ``` * [SDK-1386] Fall back to iframe method if no refresh token is available (auth0#364) * Logic falls back to the iframe method when no refresh token is found * Cleaned up a variable name * Updated integration test * Release 1.7.0-beta.4 (auth0#370) * Updated cache configuration instructions in the readme * Removed unused cacheStrategy param from buildAuthorizeUrl * [SDK-1379] Export constructor (auth0#385) Export constructor * Release 1.7.0-beta.5 (auth0#393) * [SDK-1507] Dependency upgrade (auth0#405) * Ran npm audit fix * Updated packages within semver * Updated typedoc * Updated rollup to 2.3.3 + plugins * Updated idtoken-verifier to 2.0.2 * Fixed warnings on async describe blocks * Updated prettier/pretty-quick * Updated Husky and ran husky-upgrade * Updated Cypress, wait-on and concurrently * Upgraded tslint * Updated circle image * [SDK-1516] Web Workers (auth0#409) * fetch in a web worker * token worker * known issue: doesn't work if user already logged in (need authorization_code grant_type to populate the refresh token) * add iframe fallback * fix tests * We want to load: `rollup-plugin-worker-loader::module:./token.worker.ts` But not: rollup-plugin-worker-loader::module:/Users/adammcgrath/dev/auth0-spa-js/src/token.worker.ts TODO: check windows * Fixed ES5 transpilation for rollup worker plugin * Make messages serializable using `JSON.parse(JSON.stringify({}))` Swap imports per https://github.com/mo/abortcontroller-polyfill/blob/3f1c13d2e4087ee15ded81786f1110ae547931bb/README.md#using-it-on-internet-explorer-11-msie11 * only use worker for non ie, local refresh token opts TODO: fix tests * Fix tests * Removed refresh token from worker memory when not included in response * Moved offline_access scope configuration to constructor * Modified playground to use both factory func and constructor * Remove Object.assign * Remove checks to fix rebuild issue * Abort timed out requests in the Web Worker * Errors * Fix tests * Add some more tests * DRY up the tests a little * Moar tests * unused import * update rollup-plugin-web-worker-loader don't run `addEventListener` in tests add test for missing refresh token and localstorage * add timeout tests * add browser tests * Only include files in the typings copy process * Fix fallback logic when no RT and no worker * add browser tests and comments * bump node version in Jenkinsfile * Removed unused import * Added sanity check for web worker support * Fixed tests for window.Worker check * Moved constructor tests into Auth0Client Co-authored-by: Steve Hobbs <[email protected]> * Updated readme with info on refresh tokens (auth0#415) * Implemented fallback to iframe when given specific audience (auth0#414) * Check if iframe is still in body before removing (auth0#399) If the iframe is removed from the DOM prior to the timeout it would error on removeChild. Error thrown: `Uncaught DOMException: Failed to execute 'removeChild' on 'Node': The node to be removed is not a child of this node.` Bug introduced in auth0#376 Co-authored-by: Steve Hobbs <[email protected]> * Check if source of event exists before closing it (auth0#410) When the iframe is closed, the source of the event message is null, resulting in an error: Cannot read property 'close' of undefined (Chrome). Co-authored-by: Steve Hobbs <[email protected]> * Removed unused error import Co-authored-by: maxswa <[email protected]> Co-authored-by: Yaroslav Admin <[email protected]> Co-authored-by: Adam Mcgrath <[email protected]> Co-authored-by: Paul Falgout <[email protected]> Co-authored-by: gerritdeperrit <[email protected]> * Release 1.7.0 (auth0#421) * Updated readme to include information about the RT fallback (auth0#423) * Reset prettier config to pre-2.0 defaults, reformatted some files (auth0#431) * include polyfill for Set (auth0#426) * Updated `login_hint` js docs to clarify usage with Lock (auth0#441) * Moved es-check to build script (auth0#442) * Update rollup-plugin-web-worker-loader to 1.1.1 (auth0#443) * Upgraded rollup-plugin-web-worker-loader to 1.1.1 This fixes an issue with Blob during Gatsby/SSR build * Removed 'check' and other TS config This is no longer needed now that the rollup plugin is fixed. * Formatting * Fixed playground string interp issue for IE11 * [SDK-1417] Customizable default scopes (auth0#435) * Extracted changes needed to customize defaultScope * Moved existing defaultScopes test to the right place * getUniqueScopes moved into scope.ts * Refactor getUniqueScopes into its own module This allows it to me mocked or unmocked separately from utils. index.test.ts has been completely refactored to use an unmocked version and the expectations have changed as a result. * Stop mutating optios.scope and store in separate var * Added tests for relevant functions for using advanced default scopes * Fix constructor after merge * advancedOptions.defaultScope can accept empty/null value * Added advanced section to readme Docs build to follow in the release PR * Set up proper spy for getUniqueScopes * Fixed types in JS docs * Simplified getUniqueScopes implementation * Cleaned up index test file * Simplified the defaultScope check using null chaining operator Co-authored-by: Sri Hari Raju Penmatsa <[email protected]> * Release 1.8.0 (auth0#445) * Fix issue with create-react-app webpack build (auth0#451) * Release 1.8.1 (auth0#453) Co-authored-by: Steve Hobbs <[email protected]> Co-authored-by: maxswa <[email protected]> Co-authored-by: Yaroslav Admin <[email protected]> Co-authored-by: Adam Mcgrath <[email protected]> Co-authored-by: Paul Falgout <[email protected]> Co-authored-by: gerritdeperrit <[email protected]> Co-authored-by: Tony Knight <[email protected]> Co-authored-by: Sri Hari Raju Penmatsa <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Implements retry logic when using
fetchto get a new access token. The implementation relies onfetchonly failing in the event of a network failure. Failure responses, such as 4xx or 5xx errors still return a resolved promise but with the error detail in the body.References
Fetch API on MDN
Testing
Checklist
master