react-oauth2-pkce

EPIC: Version 2.0

Open soofstad opened this issue 1 year ago • 5 comments

A list of some things that can be done and included in a 2.0 release. Some are breaking, some are not. Most are up for discussion.

  • [ ] No auto redirect during session
  • [ ] Remove renamed/unused parameters
  • [ ] Require onRefreshTokenExpire()
  • [ ] Require handleRefreshError() - maybe(?)
  • [ ] Rethink AuthContext interface (isAuthenticated, isLoading, etc.)
  • [ ] Check for using Context outside of Provider
  • [ ] Offer a useAuthContext() - (?)
  • [ ] No/reduce usage of positional arguments (ex. logIn(undefined, undefined, true))

soofstad avatar Nov 04 '24 14:11 soofstad

Stale issue message

github-actions[bot] avatar Jan 03 '25 20:01 github-actions[bot]

+1 for auth context API outside of react, primarily token information.

dburles avatar Jan 07 '25 00:01 dburles

I don't like that we sometimes have to recommend users to write stuff like logIn(undefined, undefined, 'popup'). Not a fan of the undefineds there. I propose for v2:

So

type LoginConfig = {
  state?: string
  additionalParameters?: TPrimitiveRecord
  method?: 'redirect' | 'popup' | 'replaced-redirect'
}

function logIn (config?: LoginConfig) {}

sebastianvitterso avatar Jan 27 '25 06:01 sebastianvitterso

@dburles Could you specify what you mean by "auth context API outside of react"? ReactContext is the only API we have now. Not sure what other APIs you'd need in a React package.

soofstad avatar Jan 27 '25 07:01 soofstad

@soofstad I have data fetching logic that lives outside of React context which relies on the access token. Currently to get the token I am grabbing it directly from local storage, which works, but feels like a bit of a hack.

dburles avatar Jan 27 '25 21:01 dburles

Stale issue message

github-actions[bot] avatar Mar 29 '25 20:03 github-actions[bot]

@dburles Do you have any thoughts on how such a feature could be implemented? On a conceptual level, at least?

sebastianvitterso avatar Mar 31 '25 06:03 sebastianvitterso

The only use case I have found so far is getting at the access token. The simplest approach I can think of would be to export a function that optionally takes a custom storageKeyPrefix and returns an object containing the current values from localStorage. Otherwise exposing IAuthContext would require instantiating the config and managing state outside of React.

dburles avatar Mar 31 '25 06:03 dburles

Another use case is to be able to trigger login again if a fetch response comes back with a 401 (similar to onRefreshTokenExpire), which can occur if the token is invalidated elsewhere.

Solved in the meantime via an event listener:

  const auth = useContext(AuthContext);

  // Force login if a GraphQL request returns an unauthenticated response.
  useEffect(() => {
    const onUnauthorizedRequestResponse = () => auth.logIn();
    requestWasUnauthorizedEvent.addListener(onUnauthorizedRequestResponse);
    return () =>
      requestWasUnauthorizedEvent.removeListener(onUnauthorizedRequestResponse);
  }, [auth]);

dburles avatar Apr 08 '25 01:04 dburles

Just another idea. Rather than periodically updating the accessToken, instead there should be an API exported that can be called prior to data fetching. This can handle checking token expiration (and fetching a new token) as well as cases where the token is expired elsewhere and an API response returns a 401, then the token information can be removed from localStorage.

dburles avatar May 08 '25 05:05 dburles
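
A sketch of the helper proposed in the Mar 31 and May 08 comments above, as an added example that is not code from the thread or from react-oauth2-pkce. The `ROCP_` default prefix, the key suffixes, JSON-encoded values and `tokenExpire` as epoch seconds are assumptions about what the library stores; `readAuthStorage`, `clearAuthStorage`, `authorizedFetch` and `memoryStorage` are hypothetical names, and fetching a new token is left to the caller.

```javascript
// Added example; not react-oauth2-pkce code. Key suffixes, JSON-encoded values and
// tokenExpire as epoch seconds are assumptions about what the library stores.
const KEYS = ['token', 'tokenExpire', 'refreshToken', 'refreshTokenExpire', 'idToken'];

// Return the current token values from a Storage-like object (localStorage in a browser).
function readAuthStorage(storage, storageKeyPrefix = 'ROCP_') {
  const values = {};
  for (const key of KEYS) {
    const raw = storage.getItem(storageKeyPrefix + key);
    try {
      values[key] = raw === null ? undefined : JSON.parse(raw);
    } catch {
      values[key] = undefined; // a corrupt entry is treated as missing
    }
  }
  return values;
}

function clearAuthStorage(storage, storageKeyPrefix = 'ROCP_') {
  for (const key of KEYS) storage.removeItem(storageKeyPrefix + key);
}

// Call instead of fetch(): never sends a missing or expired token, and drops stored
// token data when the server answers 401 (token invalidated elsewhere).
async function authorizedFetch(url, opts) {
  const { storage, fetchImpl, prefix = 'ROCP_', now = Date.now, onUnauthorized = () => {} } = opts;
  const { token, tokenExpire } = readAuthStorage(storage, prefix);
  if (typeof token !== 'string' || !(Number(tokenExpire) * 1000 > now())) {
    onUnauthorized('expired'); // caller refreshes the token or calls logIn()
    return null;
  }
  const response = await fetchImpl(url, { headers: { Authorization: `Bearer ${token}` } });
  if (response.status === 401) {
    clearAuthStorage(storage, prefix);
    onUnauthorized('rejected');
  }
  return response;
}

// Constructed in-memory stand-in for localStorage so the example runs under Node.
function memoryStorage(initial = {}) {
  const map = new Map(Object.entries(initial));
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => void map.set(k, String(v)),
    removeItem: (k) => void map.delete(k),
  };
}
```

In a browser, pass `window.localStorage` and `window.fetch`. Values read this way are equally readable by any other script running in the same origin, which is already true of tokens kept in localStorage.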

Stale issue message

github-actions[bot] avatar Jul 19 '25 20:07 github-actions[bot]

Stale issue message

github-actions[bot] avatar Sep 29 '25 20:09 github-actions[bot]