auth0/nextjs-auth0

Testing util - generateSessionCookie for stateful session

PSoltes opened this issue · 3 comments

Checklist

  • I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

We'd like to test some of our APIs without doing the actual login flow all the time. There is a util to generate a session cookie, but only for stateless sessions. I'd like to have the option to generate one for a stateful session.

Describe the ideal solution

Expose generateCookieValue and signing in some way. It might just be an override of generateSessionCookie, but we will specify id or genId instead of the whole session object.

Alternatives and current workarounds

The current workaround is just installing jose and hkdf and copying those approx. 20 lines of code where we need it. This is problematic if you ever change something.

Additional context

No response

I am open to creating a PR for this if you don't see any problem with this feature.

🔝

create a spec for PR that I'll create for this issue

  • create generateSessionCookie overload with signature generateSessionCookie(session: Session, genId: (session: Session) => string, sessionStore?: SessionStore, config: GenerateSessionCookieConfig) => Promise<{cookie: string, deleteFakeSessionFromStore?: () => Promise<void>}>

Behaviour

  • genId will generate an id for the session based on the provided session obj
  • the id will be encrypted via generateCookieValue using the secret provided in config, loaded via signing
  • if sessionStore was provided, a fake session will be set in the session store using its set method
  • the method will return the encrypted id (the cookie value)
    • if sessionStore was provided, it will also return a wrapper using the destroy method of the store, removing the fake session
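
The flow in the spec above, as an added sketch that is not part of the issue thread and is not nextjs-auth0 code. The cookie format (`<id>.<HMAC tag>`), the HKDF label, `config.name`, `verifyCookie` and `createMemoryStore` are assumptions made for illustration; the library's actual cookie value is whatever its own generateCookieValue and signing helpers produce.

```javascript
// Added sketch of the helper proposed above; NOT nextjs-auth0 code.
// Assumption: the cookie value is "<id>.<HMAC-SHA256 tag>" under an HKDF-derived
// key. The library's real format is whatever generateCookieValue/signing produce.
const nodeCrypto = import('node:crypto'); // dynamic import works in CJS and ESM
const HKDF_INFO = 'example cookie signing'; // hypothetical label

async function signId(cookieName, id, secret) {
  const { hkdfSync, createHmac } = await nodeCrypto;
  const key = Buffer.from(hkdfSync('sha256', secret, '', HKDF_INFO, 32));
  // Bind the tag to the cookie name so it is not valid under another name.
  const tag = createHmac('sha256', key).update(`${cookieName}=${id}`).digest('base64url');
  return `${id}.${tag}`;
}

// Server-side counterpart: recompute the tag, compare in constant time.
async function verifyCookie(cookieName, value, secret) {
  const { timingSafeEqual } = await nodeCrypto;
  const dot = value.lastIndexOf('.');
  if (dot <= 0) return null;
  const id = value.slice(0, dot);
  const expected = Buffer.from(await signId(cookieName, id, secret));
  const given = Buffer.from(value);
  const ok = given.length === expected.length && timingSafeEqual(given, expected);
  return ok ? id : null;
}

// Constructed in-memory store with the set/destroy methods the spec names.
function createMemoryStore() {
  const sessions = new Map();
  return {
    get: async (id) => sessions.get(id),
    set: async (id, session) => void sessions.set(id, session),
    destroy: async (id) => void sessions.delete(id),
  };
}

async function generateSessionCookie(session, genId, sessionStore, config) {
  const id = genId(session);
  const cookie = await signId(config.name ?? 'appSession', id, config.secret);
  if (!sessionStore) return { cookie };
  await sessionStore.set(id, session); // seed the fake session for the test
  return { cookie, deleteFakeSessionFromStore: () => sessionStore.destroy(id) };
}
```

Keep the secret passed in `config` specific to the test environment, since this helper mints cookies the server will accept.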