feat: add support for Online Access (Online Refresh Tokens)#1133
Draft
NandanPrabhu wants to merge 3 commits into
Draft
feat: add support for Online Access (Online Refresh Tokens)#1133NandanPrabhu wants to merge 3 commits into
NandanPrabhu wants to merge 3 commits into
Conversation
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Adds revokeRefreshToken() to the useAuth0 hook, wrapping the underlying Auth0Client method and keeping isAuthenticated/user in sync after the call. This is the one gap in Online Access support — refreshTokenMode, useDpop, and useMrrt already pass through Auth0Provider's existing Auth0ClientOptions config surface. Also exports RefreshTokenMode, InvalidConfigurationError, MissingScopesError, and RevokeRefreshTokenOptions from the package root, and documents the feature in EXAMPLES.md.
Online Access (Online Refresh Tokens) is gated behind Auth0 account team enablement. Adds the same Early Access notice used for the MFA section.
52cf1aa to
01181d8
Compare
RefreshTokenMode is not exported until 2.23.0 — the previous ^2.22.0 range let installs resolve to an older minor where RefreshTokenMode is undefined, breaking refreshTokenMode: RefreshTokenMode.Online at runtime.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds full support for Online Access (Online Refresh Tokens / ORTs) in
auth0-react, mirroring the underlyingauth0-spa-jsfeature.Most of the configuration surface (
refreshTokenMode,useDpop,useMrrt,useRefreshTokens) already passed through automatically viaAuth0Provider's existingAuth0ClientOptionsspread — no changes needed there. The one real gap wasrevokeRefreshToken(), which didn't exist anywhere in the SDK.Changes
revokeRefreshToken(options?)toAuth0ContextInterface, exposed viauseAuth0()Auth0Provideras auseCallbackthat callsclient.revokeRefreshToken()then re-syncsisAuthenticated/userviaclient.getUser()— correctly reflects both online-mode session clearing and offline-mode no-op behaviorRefreshTokenMode,InvalidConfigurationError,MissingScopesError,RevokeRefreshTokenOptionsfrom the package rootAuth0ClientJest mockEXAMPLES.mdUsage
Testing
npx jest --no-coverage— 144 tests)npx tsc --noEmit— zero TypeScript errorsnpm run lint— zero errors/warningsauth0-spa-jsand smoke-testedRefreshTokenMode/revokeRefreshTokenresolve correctlyThis is a draft PR pending final review.