feat(auth): add revokeToken hook to attachLogoutCommand #21
Optional pre-clear async hook so consumers can revoke the access token server-side as part of logout. Snapshot guard widened to fetch when either revokeToken or onCleared is supplied. Failures are swallowed so local clear always succeeds even when the server is unreachable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
doistbot
left a comment
This PR introduces a helpful revokeToken hook to the logout command, allowing consumers to seamlessly integrate server-side token revocation into the logout process. The implementation provides a solid foundation for more secure session management, and the expanded test coverage is much appreciated. A few adjustments have been suggested to improve reliability, such as clearing the local store before the revocation attempt to prevent network hangs from blocking local logout, and gracefully handling snapshot lookup failures so local cleanup always proceeds. Additionally, there are minor opportunities to consolidate the context types, refine the test suite to verify the async contract and reduce boilerplate, and fully document the new exports in the README table.
Address PR review feedback:
- Clear local store BEFORE awaiting revokeToken so a hung or failing server never blocks local logout. Token is preserved in the JS snapshot variable.
- Catch store.active() failures and still proceed to clear() so keychain/file read errors don't block local cleanup.
- Derive AttachLogoutRevokeContext from AttachLogoutContext via Omit so view/flags fields share a single source of truth.
- Type revokeToken return as void | Promise<void> to match onCleared.
- Reduce test boilerplate via extended build() helper, drop unsafe vi.fn casts in favour of typed spies, and add a deferred-promise async-contract test plus a store.active()-throws case.
- README "What's in it" auth row + prose now reflect the new ordering, swallow semantics, and the new exported context type.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🎉 This PR is included in version 0.11.0 🎉 The release is available on: Your semantic-release bot 📦🚀
Summary
- `revokeToken(ctx)` hook to `attachLogoutCommand` so consumers can call a server-side token-revocation endpoint as part of logout.
- Runs before `store.clear()` with `{ token, account, view, flags }`; skipped when no session is stored. Failures are swallowed so local clear always succeeds even when the server is unreachable.
- `store.active()` is fetched when either `revokeToken` or `onCleared` is supplied (previously gated only on `onCleared`).
- `AttachLogoutRevokeContext<TAccount>` re-exported from `src/auth/index.ts`.
Test plan
- `npm run type-check`
- `npm test` — 253 tests pass (5 new cases in `src/auth/logout.test.ts`: ordering, skip-on-empty-session, swallow-on-throw, snapshot triggered by `revokeToken` alone, consumer flags reach ctx)
- `npm run check` (oxlint + oxfmt) clean on touched files
- Wire `revokeToken` to a mock endpoint, run `cli auth logout`, confirm the endpoint is hit then local creds are gone; repeat with the endpoint throwing — local creds still wiped, no stack trace surfaced.
🤖 Generated with Claude Code
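The ordering the PR description and follow-up commit describe (snapshot the session, clear the local store, then best-effort revocation with failures swallowed), written out as an added TypeScript sketch. This is illustration code, not the project's `attachLogoutCommand`; the `SessionStore` interface, the `logout` function and the `LogoutResult` shape are assumptions modelled on the names used in this PR.

```typescript
// Added illustration, not the project's code: store and option shapes are assumptions.
export interface SessionStore<TAccount> {
  active(): Promise<{ token: string; account: TAccount } | null>;
  clear(): Promise<void>;
}

export interface LogoutOptions<TAccount> {
  revokeToken?: (ctx: { token: string; account: TAccount }) => void | Promise<void>;
  onCleared?: (ctx: { account: TAccount | null }) => void | Promise<void>;
}

export interface LogoutResult {
  cleared: boolean; // local clear completed
  revoked: "ok" | "skipped" | "failed";
}

export async function logout<TAccount>(
  store: SessionStore<TAccount>,
  opts: LogoutOptions<TAccount> = {},
): Promise<LogoutResult> {
  // 1. Snapshot the session only when a hook needs it. A keychain/file read
  //    error must not prevent local cleanup, so a failure is treated as "no session".
  let snapshot: { token: string; account: TAccount } | null = null;
  if (opts.revokeToken || opts.onCleared) {
    try {
      snapshot = await store.active();
    } catch {
      snapshot = null;
    }
  }

  // 2. Clear the local store BEFORE any network call, so a hung or failing
  //    revocation endpoint can never block local logout. The token lives on
  //    only in the in-memory snapshot.
  await store.clear();

  // 3. Best-effort server-side revocation; errors are swallowed because the
  //    local logout has already succeeded.
  let revoked: LogoutResult["revoked"] = "skipped";
  if (opts.revokeToken && snapshot) {
    try {
      await opts.revokeToken(snapshot);
      revoked = "ok";
    } catch {
      revoked = "failed";
    }
  }

  if (opts.onCleared) await opts.onCleared({ account: snapshot?.account ?? null });
  return { cleared: true, revoked };
}
```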