okta-react icon indicating copy to clipboard operation
okta-react copied to clipboard

Published 20 hours ago verified publisher icon okta

Misleading docs - isAuthenticated renews auth

Open RacingTadpole opened this issue 6 years ago • 2 comments

I'm submitting this issue for the package(s):

  • [ ] jwt-verifier
  • [ ] okta-angular
  • [ ] oidc-middleware
  • [x] okta-react
  • [ ] okta-react-native
  • [ ] okta-vue

I'm submitting a:

  • [ ] Bug report
  • [ ] Feature request
  • [x] Other (Describe below)

Improve documentation

Current behavior

The docs (README) currently says:

auth.isAuthenticated() - Returns true or false, depending on whether the user has an active access or id token.
auth.getIdToken() - Retrieves the id token from storage if it exists.
auth.getAccessToken() - Retrieves the access token from storage if it exists.

With okta-auth-js 2, I think this is misleading.

getAccessToken and getIdToken both eventually call getAsync on TokenManager, which checks for autoRenew and renews the token if it is within 5 minutes of expiry. Thus they do a lot more than retrieving "the token from storage if it exists".

Since auth.isAuthenticated calls getAccessToken() || getIdToken)(), it has the side-effect of renewing the authentication if it has expired (or is within 5 minutes of expiring), if autoRenew is true.

Expected behavior

The docs say:

auth.isAuthenticated() - If `autoRenew` is true, attempts to renew the access and id tokens if they have expired or are close to expiry. Returns true or false, depending on whether the user then has an active access or id token.
auth.getIdToken() - Retrieves the id token either from storage or by requesting a new one if it can be renewed.
auth.getAccessToken() - Retrieves the access token either from storage or by requesting a new one if it can be renewed.

Minimal reproduction of the problem with instructions

Extra information about the use case/user story you are trying to implement

I hope my understanding of this is right – please let me know if not!

Environment

  • Package Version:
  • Browser:
  • OS:
  • Node version (node -v):
  • Other:

RacingTadpole avatar Nov 10 '18 06:11 RacingTadpole

Thank you so much for this information. ( I'm using Okta with Vue ) Now I'm calling getAccessToken() before each request and it looks great so far :)

So it goes without saying that I fully agree with your suggestion on improving the doc..

sve-odoo avatar Dec 05 '18 13:12 sve-odoo

Thanks @RacingTadpole and @sve-odoo for the confirmation.

We're looking at revamping our READMEs to provide more context about what is happening when using these libraries. This is an excellent example where our library's abstraction layer on okta-auth-js can make things appear like "magic".

To add, we're planning next month to add support for passing in more configuration options.

I'm going to mark this as an "enhancement" to ensure this issue doesn't get lost with the update.

jmelberg-okta avatar Dec 14 '18 22:12 jmelberg-okta