Testing util - generateSessionCookie for stateful session
PSoltes opened this issue · 3 comments
PSoltes commented
Checklist
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
We'd like to test some of our apis without doing the actual login flow all the time. There is util to generate session cookie, but only for stateless session. I'd like to have option to generate one for stateful session.
Describe the ideal solution
expose generateCookieValue
and signing
in some way. Might be just override of generateSessionCookie
but we will specify id
or genId
instead of whole session
object.
Alternatives and current workarounds
Current workaround is just installing jose and hkdf and copying those approx 20 lines of code where we need it. Problematic if you ever change something.
Additional context
No response
PSoltes commented
I am open to create PR for this if you don't see any problem with this feature
vhavronsky commented
🔝
PSoltes commented
create a spec for PR that I'll create for this issue
create generateSessionCookie overload with signature generateSessionCookie(session: Session, genId: (session: Session) => string, sessionStore?: SessionStore, config: GenerateSessionCookieConfig) => Promise<{cookie: string, deleteFakeSessionFromStore?: () => Promise<void>}>
Behaviour
- genId will generate id for session based on provided session obj
- id will be encrypted via generateCookieValue using secret provided in config loaded via signing
- if sessionStore was provided - fake session will be set in session store using its
set
method - method will return encrypted id - cookie value
- if sessionStore was provided it will also return wrapper using
destroy
method of store - removing fake session
- if sessionStore was provided it will also return wrapper using