[SDK-3594] De-dupe Id token #967
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…cking expiration or wrapping the entry
|
This pull request introduces 1 alert when merging 90f22d4 into b0541c8 - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging 1febd38 into b0541c8 - view on LGTM.com new alerts:
|
|
This pull request introduces 2 alerts when merging 53e6999 into b0541c8 - view on LGTM.com new alerts:
|
frederikprijck
force-pushed
the
feat/sdk-3594
branch
from
36544d5
to
d866a8f
Compare
frederikprijck
force-pushed
the
feat/sdk-3594
branch
from
d866a8f
to
18d0552
Compare
frederikprijck
changed the title
ewanharris
requested changes
Sep 1, 2022
ewanharris
approved these changes
Sep 6, 2022
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Our SDK caches the token response it gets from Auth0. The combination of
audienceandscopeis used to differentiate the cache entries. This results in the fact that we can have multiple entries in our cache, each containing an access token, id token and, optionally, a refresh token. Most importantly, we can have multiple id tokens, while it's expected to only ever have one per client.With this PR we are changing the cache in such a way that we now store id token and decodedToken separately from the access token, unrelated to scope or audience. This ensures we only have one id token in our cache.
Change in public API
The consequence of that change is that our public API will change, both
getUserandgetIdTokenClaimsmethods will no longer accept any arguments.Cache changes
This PR also reworks our internal cache in such a way that
id_tokenanddecodedTokenare now stored separately from the rest, using a key in the format@@auth0spajs@@::CLIENT_ID::@@user@@.Session Management
This PR also removes the check on the ID Token
expclaim when retrieving items from the cache, as that was required due to changes in this PR. This also solves SDK-3587.Backwards compatibility
Even though the public API has changed, and users will be required to update their code as needed, we do provide backwards compatibility in such a way that we try to have users not need to re-authenticate (when using local-storage or a custom cache) after updating to v2.
To do so, the implementation of the above methods (getUser, getIdTokenClaims and isAuthenticated) is changed as follows:
new Auth0Client({...}))Testing
This PR adds a new file called
migration.jsto verify a couple of scenario's between v1 and v2. This is not running on Circle CI yet, as it needs a couple of tenant-specific configurations. However, including this here already and will follow up on getting them to run on circle.Checklist