saveCredentials must be called at unexpected times

Question

saveCredentials must be called at unexpected times

hwride opened this issue 4 months ago · 2 comments

hwride commented 4 months ago

Checklist

The issue can be reproduced in the react-native-auth0 sample app (or N/A).
I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
I have looked into the API documentation and have not found a suitable solution or answer.
I have searched the issues and have not found a suitable solution or answer.
I have searched the Auth0 Community forums and have not found a suitable solution or answer.
I agree to the terms within the Auth0 Code of Conduct.

Description

I have found I need to call saveCredentials when I didn't expect to. Specifically:

After calling await auth.refreshTokens()
After calling await webAuth.authorize()

I would have expected these to be saved automatically to the credentials manager.

Reproduction

// Stored globally
const auth = new Auth0({ domain, clientId })

// Elsewhere
const updatedCredentials = await auth.refreshToken({
  refreshToken: credentials.refreshToken,
})
console.log(`creds from refreshToken`, updatedCredentials)
console.log(
  `getCredentials before save`,
  await credentialsManager.getCredentials(),
)
await credentialsManager.saveCredentials(updatedCredentials)
console.log(
  `getCredentials after save`,
  await credentialsManager.getCredentials(),
)

I am finding that "getCredentials before save" prints a different set of tokens to "creds from refreshToken" and "getCredentials after save". So basically until I call saveCredentials, I don't have the refreshed credentials in the credentials manager.

The same applies to webAuth.authorize().

Additional context

No response

react-native-auth0 version

3.0.2

React Native version

0.74.5

Expo version

51.0.26

Platform

iOS

Platform version(s)

iOS 17

Answer 1 · 2024-08-23T10:08:21.000Z

Hi @hwride,

getCredentials() method of CredentialsManager internally takes care of refreshing when it notices that the stored credentials are expired and they contain a valid refreshToken and then saves the refreshed credentials and finally gives you back them.

and if you want to force the refresh of credentials even before they had expired you can call the same method with forceRefresh being set to true as shown below:

await auth0.credentialsManager.getCredentials(undefined, undefined, undefined, true)

and in your case the reason why CredentialsManager is unable to capture the refreshed credentials is because you are updating them directly using the AuthenticationClient and CredentialsManager is un-aware of this operation. Please use getCredentials() to handle the refreshing process for you so that it saves automatically instead of you saving them manually.

and if you would like to save credentials automatically on authorize(), we already support this via hooks, please try checking them out.

removing the bug label as this isn't a bug, feel free to follow up with more questions if above information doesn't solves your concern.

Answer 2 · 2024-08-23T10:44:20.000Z

Thanks very much for the reply. That all makes sense and I see why it's not working in our situation. I'll close this now.