App State Observable

[fearnycompknowhow]

Description

My changes enable direct access to the appState that is returned from the handleRedirectCallback method.
This appState is made available through a new appState$ observable on the AuthService class.

References

The need for this feature has been voiced by a few other developers: https://community.auth0.com/t/handle-appstate-and-redirect-to-dynamic-url-after-successful-login-auth0-angular/50982

Testing

You can run both the unit tests and the e2e tests the normal way

Checklist

• This change adds test coverage for new/changed/fixed functionality
• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not master

[frederikprijck]

Thanks for the PR, Keep in mind it is encourages to open an issue first so we can discuss this before the work is done.

I do want to add that appState is already available to your application today, but I agree it's not clear on how to do so:

1. Start with importing AuthModule and setting skipRedirectCallback to true. This will ensure our SDK will not handle the redirect for you.

imports: [
  AuthModule.forRoot({ skipRedirectCallback: true })
]

2. Call handleRedirectCallback yourself where appropriate, be sure this is only on the configured /callback route:

constructor(private authService: AuthService) {
  this.authService.handleRedirectCallback()
    .pipe(map(result => result?.appState))
    .subscribe(appState => /* use appState here */);
}

As you can see, calling handleRedirectCallback yourself gives you access to the appState without introducing any new code.

That said, I agree this is not convenient and I would prefer for people to not have to need to call handleRedirectCallback themselves if all they need is access to the appState.

[frederikprijck]

This is only true by default, but it could as well be cookies if useCookiesForTransactions is used. Might also make sense to ensure it's clear that this data is only persisted temporarily and will be removed again once being redirected back to your application.

I also believe this message makes it sounds like you can just use this to track any appState you like (as we have storage for multiple MBs worth of data anyway), while I still believe your application should not solely rely on Auth0's SDK to persist your state, you could as well implement something yourself outside of our SDK which gives you more control.

I think it makes more sense to drop the last part and only mention it get stored in Session Storage by default, but can be stored into a cookie when setting useCookiesForTransactions.

Because of the fact that we can also use cookies, I would (as mentioned earlier) remove any emphasis on deeply nested objects (which is also who I would prefer to not have this end up in the readme, as there are limitations to using appState and this SDK is not a state persisting library).

[frederikprijck]

Any reason why we changed result?.appState to be result.appState?

[fearnycompknowhow]

Pardon me, this was just a simple oversight on my part

[frederikprijck]

I am confused with this example. The appState is the appState, and not some deeply nested value.
So I would either use this.appState = appState or this.someOtherProperty = appState.deeply.nested.value;

That said, even though it's good knowing this is possible, I would reduce the nesting here as I believe we want to avoid people using appState to track too much complexity. I would personally stick to a single property on the appState.

[frederikprijck]

Same here, it confuses me that we are using appState.deeply.nested.value = this.loginOptionsForm.value.appState, it should either be appState: appState or appState.deeply.nested.value = this.loginOptionsForm.value.someValue.

However, I said before I would prefer to reduce the nesting.

[frederikprijck]

Even though the comments on the appState$ mention it emits (if any), yet it emits even if appState is null or undefined.

[frederikprijck]

I would be a bit more explicit on the sample and drop the emphasis on objects here.

appState: {
  myValue: 'My State to Track'
}

[frederikprijck]

I would show what this means instead of the comment:

this.auth.appState$.subscribe((appState) => {
  console.log(appState.myValue);
});

[frederikprijck]

I would move this to our FAQ as I believe this is not a main feature of our SDK. We want to avoid that people rely to heavily on our SDK for tracking application state.

[fearnycompknowhow]

@frederikprijck Sorry for not opening a discussion request first. I'll be sure to do that if I do any more work on this repo.

As far as the build issues go: the Cypress tests keep failing, because somewhere undefined is being typed into an input.
The only cause I can think of is that the call to Cypress.env('INTEGRATION_PASSWORD'); is returning undefined.

EMAIL and appState are the only other values that are being used for typing, but they are both defined statically, so I can't see where they would be getting set to undefined.

[frederikprijck]

Thanks for making the changes 🚀 🔥
I will look into the Cypress build tomorrow morning!

[fearnycompknowhow]

No problem. Let me know if I missed anything or if there is anything else you want changed

[frederikprijck]

Cypress tests run fine locally. The reason they fail here is because we do not allow running them on forks.

[frederikprijck]

Thanks for this PR 🔥

[fearnycompknowhow]

No problem. It was my pleasure