[SDK-2794] Return token response in getTokenSilently #803
Conversation
stevehobbsdev
added
CH: Added
stevehobbsdev
force-pushed
the
sdk-2794/token-response
branch
from
3e65a77 to
ebd80b9
Compare
src/global.ts
Outdated
| * | ||
| * The default is `false`. | ||
| */ | ||
| verboseResponse?: boolean; |
There was a problem hiding this comment.
Not married to the name, if there are better suggestions.
There was a problem hiding this comment.
I have no better naming, but I do feel like verbose has a debugging/error connotation to it. But that might just be because I only ever use that term when configuring log levels for errors.
There was a problem hiding this comment.
That's fair, how about detailedResponse?
There was a problem hiding this comment.
I believe that should work better as opposed to verbose, ye. detailedResponse or fullResponse.
There was a problem hiding this comment.
Renamed to detailedResponse.
| @@ -68,6 +68,7 @@ export type CacheEntry = { | |||
| scope: string; | |||
| client_id: string; | |||
| refresh_token?: string; | |||
| oauthTokenScope?: string; | |||
There was a problem hiding this comment.
As mentioned in the description, this is an attempt to "remember" the actual scopes that came back from /oauth/token (if any) so that they can be reliably returned in getTokenSilently if the verbose response is asked for, mainly for consistency.
|
This pull request introduces 1 alert when merging ebd80b9 into ecec4df - view on LGTM.com new alerts:
|
src/global.ts
Outdated
| * | ||
| * The default is `false`. | ||
| */ | ||
| verboseResponse?: boolean; |
There was a problem hiding this comment.
I have no better naming, but I do feel like verbose has a debugging/error connotation to it. But that might just be because I only ever use that term when configuring log levels for errors.
|
Unfortunately I can't see what the coverage problem is now, could be a rounding error 🤷🏻 |
| windowSpy.mockRestore(); | ||
| }); | ||
|
|
||
| it('returns the full token response when returnMode = "verbose"', async () => { |
There was a problem hiding this comment.
We will need to change the test descriptions, this is still using returnMode = 'verbose', while at the moment the property is called verboseReponse.
There was a problem hiding this comment.
Fixed the test descriptions 👍🏻
|
There is always this line which is problematic auth0-spa-js/src/Auth0Client.ts Line 680 in 638ecee |
Description
This PR adds a new option that allows the developer to get access to the response from the /oauth/token endpoint rather than just the access token when calling
getTokenSilently.The response is returned with a couple of caveats:
refresh_tokenis removedscopereturns the scope as returned by/oauth/tokenand does not try to populate it based on theAuth0ClientconfigurationIn the case where there was a cache hit and
ignoreCacheisfalse, the properties that would appear in the token endpoint response are extracted (minusrefresh_token) and the scope is taken from a new cache propertyoauthTokenScope, which stores the scope as returned by/oauth/token.However, this will continue to return
undefineduntil the user performs an operation that causes the token endpoint to return different scopes to what was asked, and we don't yet allow the developer to de-scope an access token, so I'm not sure this is a real issue.References
Closes #715
Testing
Checklist
master