auth0-angular icon indicating copy to clipboard operation
auth0-angular copied to clipboard
verified publisher icon auth0

SDK should handle getting a new token based on the interceptor configuration provided.

Open mharrisn opened this issue 1 year ago • 1 comments

Checklist

  • [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
  • [X] I have looked into the API documentation and have not found a suitable solution or answer.
  • [X] I have searched the issues and have not found a suitable solution or answer.
  • [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • [X] I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

Hello, I assume a feature request is most appropriate for this question. I have an app that needs to call two different APIs. Both APIs have their audience defined in Auth0.

Assuming we have primary-api-audience-identifier as our default audience in AuthClientConfig, I was expecting that if I had an Interceptor configuration like this:

httpInterceptor: {
      allowedList: [
        {
          uriMatcher: (uri) => {
             return  uri.toLowerCase().includes('other-api');
          },
           tokenOptions: {
            authorizationParams : {
              audience: 'other-api-audience-identifier'
            }
          }
        }
      ]
    }

The SDK would get a new Access token if it needed one for the audience specified in tokenOptions. But that doesn't seem to be the case. Is there another suggested way to handle this use case? The only thing that I could find that sounded similar was this closed Issue: https://github.com/auth0/auth0-angular/issues/214

It's not clear to me what the point of the audience is here if the SDK doesn't use it to grab a token.

Describe the ideal solution

The SDK checks whether there is a cached token with the specified audience, and gets an access token as needed (the same logic that's currently used for pulling access tokens silently).

Alternatives and current workarounds

I assume if I manually call AuthService.getTokenSilently, that would provide the token. But this seems like something the SDK should handle automatically to keep the responsibility of managing tokens in the SDK.

Additional context

No response

mharrisn avatar Mar 18 '24 00:03 mharrisn

Hello.

The SDK checks whether there is a cached token with the specified audience, and gets an access token as needed (the same logic that's currently used for pulling access tokens silently).

This is how the SDK works, or is intended to work at least.

As you can see here, our interceptor calls getTokenSilently, which does exactly what you want. You can also see that we take the tokenOptions from the interceptor config and use that as the options to pass down to getTokenSilently.

If this does not work for you, can you share a reproduction and we can help troubleshoot what's going on. You can use our sample application to reproduce and share.

frederikprijck avatar Mar 18 '24 07:03 frederikprijck

I can't use any of my organization's tenants for a reproduction case. Do you have any suggestions on how I can define APIs for reproduction? Is there a sample tenant - like the sample application that I could use as a starter?

mharrisn avatar Mar 21 '24 22:03 mharrisn

You can create a different tenant for yourself, it's free.

frederikprijck avatar Mar 22 '24 06:03 frederikprijck

Closing due to inactivity, feel free to let us know if you have a reproduction and still need us to look into it, can reopen as needed.

frederikprijck avatar Jun 20 '24 07:06 frederikprijck