Only request token endpoint initially, then use a cookie to determine if there is an authenticated user #1740

Merged
merged 12 commits into from
Feb 28, 2024

Conversation

@blakewilson (Contributor) commented Jan 17, 2024

Tasks

  • I have signed a Contributor License Agreement (CLA) with WP Engine.
  • If a code change, I have written testing instructions that the whole team & outside contributors can understand.
  • I have written and included a comprehensive changeset to properly document the changes I've made.

Description

This PR addresses #1723 (comment) and creates a new cookie that determines if there is a refresh token saved in the cookie, without exposing sensitive data, and that is accessible in the browser/client.

This allows us to make one initial request to the token endpoint, and then thereafter reference the cookie to determine if there is an authenticated user for stuff like the toolbar. This essentially turns a request for the token on every single page into only one for non-authenticated users.

Related Issue(s):

Testing

  1. From the canary branch, start the example project: npm run dev -w @faustwp/getting-started-example
  2. Open the network tools, and notice every page you visit has a 401 response for the token endpoint.
  3. Now, check out this branch
  4. Run npm install at the monorepo root
  5. Run npm run build at the monorepo root
  6. Run the example project npm run dev -w @faustwp/getting-started-example
  7. With the network tools open, visit the home page http://localhost:3000. Notice the 401 response from the token endpoint. Refresh and see that no additional requests are made to the token endpoint as an unauthenticated user.
  8. Try and break it with the other testing things below

Other testing things to ensure functionality still works as expected

  • Ensure refresh tokens are still set properly on login/logout
  • Ensure backwards compatibility still works. For example, if there is a cookie for just the refresh token, the reference token should still get set properly

Screenshots

Documentation Changes

Dependant PRs
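
An added illustration of the pattern this PR description outlines, not code from the PR or from Faust.js: the refresh token stays in a cookie scripts cannot read, and a companion cookie carries only "0" or "1" so the client can skip the token endpoint. The cookie names and helper functions are hypothetical, and the HttpOnly, Secure and SameSite attributes are assumptions of this sketch.

```javascript
// Hypothetical names; assumption: the token cookie is HttpOnly, the flag is not.
const REFRESH_COOKIE = 'example-rt';    // holds the secret refresh token
const FLAG_COOKIE = 'example-has-rt';   // holds only "0" or "1", readable by client JS
const ATTRS = 'Path=/; Secure; SameSite=Strict';

// Server: Set-Cookie values for login (token given) or logout (no token).
function buildAuthCookies(refreshToken) {
  if (!refreshToken) {
    return [`${REFRESH_COOKIE}=; ${ATTRS}; HttpOnly; Max-Age=0`,
            `${FLAG_COOKIE}=0; ${ATTRS}`];
  }
  // The flag never contains the token or anything derived from it.
  return [`${REFRESH_COOKIE}=${encodeURIComponent(refreshToken)}; ${ATTRS}; HttpOnly`,
          `${FLAG_COOKIE}=1; ${ATTRS}`];
}

// Parse a Cookie header or document.cookie string into a plain object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Client: is a token endpoint request worth making?
// A missing flag means "unknown" (first visit, or a session that predates
// the flag), so ask once; the response then sets the flag either way.
function shouldRequestToken(documentCookie) {
  const flag = parseCookies(documentCookie)[FLAG_COOKIE];
  return flag === undefined || flag === '1';
}

// Server, backwards compatibility: return the Set-Cookie value that brings
// the flag in line with the refresh token cookie, or null if already in sync.
function flagHeaderFor(requestCookieHeader) {
  const c = parseCookies(requestCookieHeader);
  const want = c[REFRESH_COOKIE] ? '1' : '0';
  return c[FLAG_COOKIE] === want ? null : `${FLAG_COOKIE}=${want}; ${ATTRS}`;
}
```

The flag is only a hint for skipping a request: a user can edit it freely, so the server must still validate the refresh token itself before issuing anything.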


changeset-bot bot commented Jan 17, 2024

🦋 Changeset detected

Latest commit: b445a6b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@faustwp/core Patch

Contributor

github-actions bot commented Jan 17, 2024

📦 Next.js Bundle Analysis for @faustwp/getting-started-example

This analysis was generated by the Next.js Bundle Analysis action. 🤖

⚠️ Global Bundle Size Increased

Page Size (compressed)
global 247.03 KB (🟡 +559 B)

The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

@blakewilson
Contributor Author

Closes #1723

@blakewilson blakewilson linked an issue Feb 20, 2024 that may be closed by this pull request
@blakewilson blakewilson marked this pull request as ready for review February 20, 2024 17:36
@blakewilson blakewilson requested a review from a team as a code owner February 20, 2024 17:36
Co-authored-by: Matthew Wright <1815200+matthewguywright@users.noreply.github.com>
@blakewilson blakewilson merged commit 0759959 into canary Feb 28, 2024
8 checks passed
@blakewilson blakewilson deleted the fix-token-endpoint-request branch February 28, 2024 16:55
@blakewilson
Contributor Author

Closes #1794

theodesp added a commit that referenced this pull request Apr 2, 2024
…etermine if there is an authenticated user (#1740)"

This reverts commit 0759959.
theodesp added a commit that referenced this pull request Apr 2, 2024
#1868)

* Revert "Only request token endpoint initially, then use a cookie to determine if there is an authenticated user (#1740)"

This reverts commit 0759959.

* Restore js-cookie
Successfully merging this pull request may close these issues.

Improve testing around authorization calls