Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SDK-2330] New tokens should be applied to existing session #307

Merged
merged 3 commits into from
Feb 19, 2021

Conversation

adamjmcgrath
Copy link
Contributor

Description

handleProfile will use the a stale session if getAccessToken updates the session.

On the whole a user should be able to continue to use a refrence to the session after getAccessToken is called, without having to call getSession again.

const session = getSession(req, res);
const { accessToken } = await getAccessToken(req, res);

// If AT was updated, session.accessToken should be updated too
session.accessToken === accessToken;

References

See #294 (comment)

Testing

Given I have Refresh Token Rotation enabled
And I have an expired Access Token
When I visit handleProfile with refetch true
Then I should get an updated profile
And I should get an updated Access Token and Refresh Token

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not main

@adamjmcgrath adamjmcgrath added the review:medium Medium review label Feb 18, 2021
@adamjmcgrath adamjmcgrath requested a review from a team as a code owner February 18, 2021 15:39
@vercel
Copy link

vercel bot commented Feb 18, 2021

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/auth0/nextjs-auth0/piwv2iyzx
✅ Preview: Canceled

[Deployment for 48e9a7e canceled]

@adamjmcgrath adamjmcgrath changed the title New tokens should be applied to existing session [SDK-2330] New tokens should be applied to existing session Feb 18, 2021
Comment on lines +117 to +121
Object.assign(session, {
...newSession,
refreshToken: newSession.refreshToken || session.refreshToken,
user: { ...session.user, ...newSession.user }
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this get saved in the session cache?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep - the session is mutable and whatever is in it at the end of the request chain will get persisted

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

@Widcket Widcket left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just have a question.

@Widcket Widcket merged commit 5c5bb8d into main Feb 19, 2021
@Widcket Widcket deleted the profile-preserve-session branch February 19, 2021 11:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
review:medium Medium review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants