feat: storageManager and transactionManager #604
Conversation
aarongranick-okta
force-pushed
the
ag-OKTA-360885-new-storage
branch
from
38deb9a
to
550d3a1
Compare
Codecov Report
@@ Coverage Diff @@
## master #604 +/- ##
==========================================
- Coverage 93.07% 91.91% -1.17%
==========================================
Files 38 41 +3
Lines 2166 2349 +183
Branches 455 513 +58
==========================================
+ Hits 2016 2159 +143
- Misses 150 190 +40
Continue to review full report at Codecov.
|
| } | ||
| ``` | ||
|
|
||
| ##### `storageType` |
There was a problem hiding this comment.
From the code samples above, looks like the storageType accepts an array of types, it would be great to also explain the meaning of multiple versus single storageType input.
There was a problem hiding this comment.
There is a 2nd option called storageTypes, I will add some docs for it
| @@ -321,19 +416,31 @@ var config = { | |||
| var authClient = new OktaAuth(config); | |||
| ``` | |||
|
|
|||
| Even if you have specified `localStorage` or `sessionStorage` in your config, the `TokenManager` may fall back to using `cookie` storage on some clients. If your site will always be served over a HTTPS connection, you may want to enable "secure" cookies. This option will prevent cookies from being stored on an HTTP connection. | |||
| A custom [storage provider](#storageprovider) instance can also be passed here. (This will override any `storageProvider` value set under the `token` section of the [storageManager](#storagemanager) configuration) | |||
There was a problem hiding this comment.
old approach override the new one?
There was a problem hiding this comment.
It is currently operating in compatibility mode. A default set storageTypes is set for each well known section. If the config specifies a storageType it will be used as the first choice. Then, it will go to the NEXT entry in storageTypes. This matches current behavior. Fallback logic can be disabled (see README additions).
| * `localStorage`: available to all browser tabs | ||
| * `cookie`: available to all browser tabs, and server-side code | ||
|
|
||
| ##### `storageProvider` |
There was a problem hiding this comment.
Per #606, looks like users are confused about how the custom storage (storageProvider) is used internally by auth-js. Probably, we can add some explanation for that.
| var config = { | ||
| storageManager: { | ||
| token: { | ||
| storageTypes: [ |
There was a problem hiding this comment.
so here means the supported storage types?
There was a problem hiding this comment.
no, these are the preferred storage types in fallback order
the "storageUtil" (browser or server) decides what types are supported
There was a problem hiding this comment.
Perhaps a name to indicate that? storageOrder?
|
Generally looks good to me! One concern is that looks like some options provide the same functionality, but can override some existing options. We probably can provide warning messages if option conflict is detected. |
aarongranick-okta
force-pushed
the
ag-OKTA-360885-new-storage
branch
from
f0009a6
to
4caf422
Compare
|
|
| **Important:** A storage provider will receive sensitive data, such as the user's raw tokens, as a string. Any custom storage provider should take care to save this string in a secure location which is not accessible by other users. | ||
| A `storageProvider` provides low-level access to storage. An example of a `storageProvider` is [localStorage][]. It has a method called `getItem` that returns a string value for a key and a method called `setItem` which accepts a string value and key. | ||
|
|
||
| **Important:** A storage provider will receive sensitive data, such as the user's raw tokens, as a readable string. Any custom storage provider should take care to save this string in a secure location which is not accessible to unauthorized users. |
adds 2 new objects on the sdk instance:
storageManagerprovides access to storage providers using sdk config.transactionManagerprovides access to a saved transactionsome things have been moved around internally, but compatibility should be preserved.
httpCache and other high level providers (using "storageBuilder") have been moved out of "storageUtil" to
StorageManager.storageBuilderhas been renamed toSavedObjectand is now a class.shims are provided on "options.storageUtil" to preserve compatibility if anyone was using that interface (was never documented).
"legacy" PKCE meta and OAuth params compatibility logic has been added. Going forward, PKCE meta and OAuth params are stored together along with the other transaction data.