Expose the auth0-angular classes for extension points #183
Comments
alexmach
added
the
feature request
|
Thanks for the feedback @alexmach. We're always looking to improve developer's experiences of our libraries. Can you elaborate on:
|
|
Certainly! This library definitely was a huge benefit to getting our auth0 implementation going but these changes just caused a little panic until I was able to track down why it was no longer behaving as expected. The change that was breaking was the constructor change in #180/projects/auth0-angular/src/lib/auth.interceptor.ts Breaking aspects:
This was a breaking change for how we expected Angular dependency injection to function with the library. We were left needing two implement the I would suggest the following changes to make this kind of move easier for people:
Making these changes would also allow for people implementing this library to override any aspect of the module needed including for their tests. |
|
Moving the Exposing the As a aide note, I am not sure if you are talking about inheriting our services, but personally I would recommend using composition instead, as that would avoid breaking your code when our internal dependencies change, making your application a bit more resilient on it self here. |
|
Yes we are using composition and have two implementations of the same service one that depends on the Auth0 library and one that depends on our legacy logins. The biggest challenge with not having the Out of curiosity why is it desired not to publicly expose that version of the To properly be able to setup the |
|
Would you be able to provide us with a small example application of what the actual problem with the current version is? Doing so would allow us to better understand what is going on and see how we can resolve that.
The method in the interceptor is for internal use in our interceptor only. Generally, a user shouldn't need to call
Not exposing AuthState publicly is an issue for sure and something I will resolve, together with exposing Auth0ClientService. |
|
Sorry it took so long to get together. Main branch contains the 1.5.1 where the interceptor will work. latest-auth0-angular branch will contain the 1.6.0 branch that prevents the use of the AuthHttpInterceptor This is not intended to be our long term solution but just how we were able to manage our transition. The main reason I would like to see the method |
|
Thanks for the sample, I haven't been able to actually see the issue with the interceptor as I can't see any HTTP call being involved in the sample. Would u be able to give some more information with what you mean here (like what do u mean with it isn't getting injected?): https://github.com/alexmach/auth0-angular-sample/blob/latest-auth0-angular/src/app/auth/sample-auth.module.ts#L75 If I understand the repository correctly, you are using two situations where one uses Auth0 and the other one doesn't use Auth0? The first thing that comes to mind here is that this sounds like something you might want to solve by introducing your own wrapper around Auth0Service rather than just replacing it. This would avoid code like this: https://github.com/alexmach/auth0-angular-sample/blob/latest-auth0-angular/src/app/auth/token.service.ts#L17-L25. However, keep in mind our SDK is built to only support Auth0. I know that using your solution is replacing our services in such a way that you are not using the core part of our SDK with
Even though I see why these changes make things complicated to do what you are doing, I do not think our SDK should focus on supporting a use case that wants to use our Interceptor with something other than Auth0. If the interceptor is the problem, I would assume you can get around by creating a different Interceptor for the situation where u are using public class MyInterceptor {
constructor(
@Inject(AUTH0_ENABLED) private auth0Enabled: boolean,
private authHttpInterceptor: AuthHttpInterceptor,
private legacyAuthHttpInterceptor: LegacyAuthHttpInterceptor
)
intercept(
req: HttpRequest<any>,
next: HttpHandler
): Observable<HttpEvent<any>> {
return this.auth0Enabled ? this.authHttpInterceptor.intercept(req, next) : this.legacyAuthHttpInterceptor.intercept(req, next);
}
}Doing the above will ensure our Interceptor isn't used when not using Auth0, which is something we don't explicitly support anyway so it would be safer to not rely on our interceptor when not using Auth0. Also, as you are re-providing so many things of our SDK already, I believe adding something like this could work as well: {
provide: Auth0ClientService,
useFactory: (enabled:boolean, config: AuthClientConfig) => enabled ? Auth0ClientFactory.createClient(config) : LegacyClientFactory.createClient(),
deps:[AUTH0_ENABLED, AuthClientConfig],
}
export class LegacyClientFactory {
createClient() {
return {
getTokenSilently: () => {
return Promise.resolve(sessionStorage.getItem('token'));
}
}
}
}Where in the above case, you probably only need to implement the Note: In order to achieve the above, we do need to export the To come back to the testing:
I do not think that unit testing your application should include our Interceptor. Unit Tests for your application should not try and test our internals, so I can't see why you would want to include the interceptor in your Unit Tests, and if u do I would provide a mock implementation. |
|
I do understand what we have done isn't quite ideal or how things were intended to be used, I wasn't really happy with how it went either. I am advocating for a few small changes to make a transition easier. I did start out by writing the wrapper. The main reason I stopped and went with an approach similar to what I sent is that I wanted to reduce differences between the two implementations.
Yes we would need As far as testing is concerned the way it was mainly needed because we have a shared library across multiple applications and we configure the Auth0 library in our common library which is used within our tests. If we do not override some of the auth0 library it will attempt to initiate the login flow. |
The solution being brought up here is introducing a public API with a method we think no user should ever be calling manually. That isn't a small change in terms of surface area and will confuse more people than it helps.
How to implement those things is up to the application side, and I don't believe an SDK should be making changes only to make the implementation easier / more consistent when mixing with other / legacy authentication systems.
Yes, which I believe is fine. But regarding the Auth0Client from SPAJS, as long as u don't use the Interceptor (which u don't need in a test) and u ensure u mock the Auth0Service, you should be fine (as in, you shouldn't need to mock Auth0Client or Auth0ClientService). I will make some changes to expose both Auth0ClientService and AuthState, which should allow you to achieve what you want, even though it might require some changes on your side. |
|
Thanks! I do understand not wanting to make certain changes. I appreciate the additional changes to expose more. My comment about the testing was mainly about it not being completely obvious how it should be setup and it was causing some of our tests issues at first and could very well have just been the pain of initially implementing the library. I would add that making the transition period easier should be a feature of this library. If it is easier to implement it could help save other people time as well. I realize it should be a short period of time for a transition and that is how it will be for us. After we have enabled auth0 all of our legacy code will be removed and we will be using the default configurations and this will no longer be a concern for us. |
|
I opened a PR, feel free to have a look and let me know if this is or isn't helping you. |
Describe the problem you'd like to have solved
Describe the ideal solution
Alternatives and current work-arounds
Additional context
I work on a series of applications that are currently in the process of implementing auth0. The library works well when auth0 is enabled and there is an SPA configured correctly.
Since the team I am on works in many UI applications that all share the same common library which holds our current authentication mechanism we have to be able to implement this authentication upgrade iteratively. We try to avoid long lived branches when possible.
We currently have a solution to do this; however, it was with a bit of effort to achieve this and the recent 1.6.0 release was not backwards compatible with 1.5.1 classes which is why I am now requesting this feature.
Much of the desire is to be able to dynamically change the dependency injection for the Auth0Client and AuthService when our legacy authentication is enabled to be able to take advantage of the AuthHttpInterceptor.
I do not mind submitting a PR with changes if this is something people would want.
As one last note, the auth0 community answer for testing when using this library leaves a lot to be desired. Ideally this solution will meet that need as well. https://community.auth0.com/t/how-to-unit-test-authservice-in-angular-sdk/52569/6
The text was updated successfully, but these errors were encountered: