feat: storageManager and transactionManager #604
38deb9a to 550d3a1
Codecov Report
@@ Coverage Diff @@
## master #604 +/- ##
==========================================
- Coverage 93.07% 91.91% -1.17%
==========================================
Files 38 41 +3
Lines 2166 2349 +183
Branches 455 513 +58
==========================================
+ Hits 2016 2159 +143
- Misses 150 190 +40
|
} | ||
``` | ||
|
||
##### `storageType` |
From the code samples above, looks like the `storageType` accepts an array of types, it would be great to also explain the meaning of multiple versus single `storageType` input.
There is a 2nd option called `storageTypes`, I will add some docs for it
@@ -321,19 +416,31 @@ var config = { | |||
var authClient = new OktaAuth(config); | |||
``` | |||
|
|||
Even if you have specified `localStorage` or `sessionStorage` in your config, the `TokenManager` may fall back to using `cookie` storage on some clients. If your site will always be served over a HTTPS connection, you may want to enable "secure" cookies. This option will prevent cookies from being stored on an HTTP connection. | |||
A custom [storage provider](#storageprovider) instance can also be passed here. (This will override any `storageProvider` value set under the `token` section of the [storageManager](#storagemanager) configuration) |
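Review bot: The fallback paragraph says the `TokenManager` may fall back to `cookie` storage even when `localStorage` or `sessionStorage` is configured, yet it presents "secure" cookies only as something you "may want to enable" and, in the lines shown, never names the option. Since the fallback moves tokens into cookies without the integrator asking for it, suggest naming the setting here and linking to the section that explains how to turn fallback off. The last line should also have its precedence rule repeated in the `storageManager` section it links to, so a reader who starts there learns that a provider passed here overrides the `token` section's `storageProvider`.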
old approach override the new one?
It is currently operating in compatibility mode. A default set `storageTypes` is set for each well known section. If the config specifies a `storageType` it will be used as the first choice. Then, it will go to the NEXT entry in `storageTypes`. This matches current behavior. Fallback logic can be disabled (see README additions).
* `localStorage`: available to all browser tabs | ||
* `cookie`: available to all browser tabs, and server-side code | ||
|
||
##### `storageProvider` |
Per #606, looks like users are confused about how the custom storage (storageProvider) is used internally by auth-js. Probably, we can add some explanation for that.
var config = { | ||
storageManager: { | ||
token: { | ||
storageTypes: [ |
so here means the supported storage types?
no, these are the preferred storage types in fallback order
the "storageUtil" (browser or server) decides what types are supported
Perhaps a name to indicate that? `storageOrder`?
Generally looks good to me! One concern is that it looks like some options provide the same functionality, but can override some existing options. We probably can provide warning messages if an option conflict is detected.
f0009a6 to 4caf422
**Important:** A storage provider will receive sensitive data, such as the user's raw tokens, as a string. Any custom storage provider should take care to save this string in a secure location which is not accessible by other users. | ||
A `storageProvider` provides low-level access to storage. An example of a `storageProvider` is [localStorage][]. It has a method called `getItem` that returns a string value for a key and a method called `setItem` which accepts a string value and key. | ||
|
||
**Important:** A storage provider will receive sensitive data, such as the user's raw tokens, as a readable string. Any custom storage provider should take care to save this string in a secure location which is not accessible to unauthorized users. |
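Review bot: The interface description says `setItem` "accepts a string value and key", which reads as value-first, while the `localStorage` example it cites is called as `setItem(key, value)`. Suggest "accepts a key and a string value" so custom providers are written with the arguments in the right order, and stating in the same paragraph whether a provider must implement anything beyond `getItem` and `setItem`.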
👍
adds 2 new objects on the sdk instance:

* `storageManager` provides access to storage providers using sdk config.
* `transactionManager` provides access to a saved transaction

some things have been moved around internally, but compatibility should be preserved.

* httpCache and other high level providers (using "storageBuilder") have been moved out of "storageUtil" to `StorageManager`.
* `storageBuilder` has been renamed to `SavedObject` and is now a class.
* shims are provided on "options.storageUtil" to preserve compatibility if anyone was using that interface (was never documented).
* "legacy" PKCE meta and OAuth params compatibility logic has been added. Going forward, PKCE meta and OAuth params are stored together along with the other transaction data.
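
The fallback order discussed in the review thread above (an explicit `storageType` first, then the following entries of `storageTypes`), as an added example that is not part of this PR or the SDK's code. It shows how an integrator can detect that tokens would silently end up in cookies. `resolveTokenStorage`, `isSupported`, `allowFallback` and `secureCookies` are hypothetical names, and starting the search at the position of `storageType` within `storageTypes` is an assumed reading of "the NEXT entry".

```javascript
// Added illustration; not okta-auth-js source. resolveTokenStorage, isSupported,
// allowFallback and secureCookies are hypothetical names used only here.
function resolveTokenStorage(section, isSupported) {
  const {
    storageType,
    storageTypes = [],
    allowFallback = true,   // assumption: stands in for "fallback logic can be disabled"
    secureCookies = false,  // assumption: stands in for the "secure" cookie setting
  } = section;

  // Candidate order: the explicit storageType is the first choice,
  // followed by the entries that come after it in storageTypes.
  let order = storageTypes.slice();
  if (storageType) {
    const idx = order.indexOf(storageType);
    order = idx >= 0 ? order.slice(idx) : [storageType, ...order];
  }
  if (!allowFallback) order = order.slice(0, 1);

  // The first candidate the client supports wins.
  const chosen = order.find(isSupported) || null;
  const fellBack = chosen !== null && chosen !== order[0];

  const warnings = [];
  if (chosen === null) {
    warnings.push('no configured storage type is supported on this client');
  } else if (fellBack) {
    warnings.push(`fell back from ${order[0]} to ${chosen}`);
  }
  if (chosen === 'cookie' && !secureCookies) {
    warnings.push('tokens will be written to cookies without the secure flag');
  }
  return { chosen, fellBack, warnings };
}

// Constructed client on which only cookie storage is usable.
const cookieOnlyClient = (type) => type === 'cookie';
const section = {
  storageType: 'sessionStorage',
  storageTypes: ['localStorage', 'sessionStorage', 'cookie'],
};

console.log(resolveTokenStorage(section, cookieOnlyClient));
console.log(resolveTokenStorage({ ...section, allowFallback: false }, cookieOnlyClient));
```

With fallback disabled, the second call reports that no storage is available instead of placing tokens in cookies, which lets the application fail closed.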