-
Notifications
You must be signed in to change notification settings - Fork 396
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SDK-2330] New tokens should be applied to existing session #307
Conversation
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/auth0/nextjs-auth0/piwv2iyzx [Deployment for 48e9a7e canceled] |
Object.assign(session, { | ||
...newSession, | ||
refreshToken: newSession.refreshToken || session.refreshToken, | ||
user: { ...session.user, ...newSession.user } | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this get saved in the session cache?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep - the session is mutable and whatever is in it at the end of the request chain will get persisted
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The second request to /api/session
in the test should also verify this https://github.com/auth0/nextjs-auth0/pull/307/files#diff-43549841cd306e45cf537adad769f7fc683abaf46a9eab1146d958238493af2aR112-R113
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, just have a question.
Co-authored-by: Rita Zerrizuela <[email protected]>
Description
handleProfile
will use the a stale session ifgetAccessToken
updates the session.On the whole a user should be able to continue to use a refrence to the session after
getAccessToken
is called, without having to callgetSession
again.References
See #294 (comment)
Testing
Given I have Refresh Token Rotation enabled
And I have an expired Access Token
When I visit
handleProfile
with refetchtrue
Then I should get an updated profile
And I should get an updated Access Token and Refresh Token
Checklist
main