feat: add support for Online Access (Online Refresh Tokens)#934
feat: add support for Online Access (Online Refresh Tokens)#934NandanPrabhu wants to merge 4 commits into
Conversation
📝 WalkthroughWalkthroughThe Angular SDK upgrades its SPA dependency, re-exports online refresh-token errors and mode symbols, and adds documentation for online access configuration, validation, and MRRT compatibility. ChangesOnline refresh token support
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
c6eb44d to
5a36e7e
Compare
16c2c76 to
ea70d32
Compare
|
Snyk vulnerability check failing — root cause is an Angular major version, not a patch fix CI is flagging 4 vulnerabilities in @angular/common, @angular/compiler, and @angular/core (currently pinned to ^19.2.21, resolving to 19.2.25):
19.2.25 is already the latest published patch in the 19.x line — there is no 19.x release that fixes these. Snyk's own remediation advice confirms the fix only lands in I tried a narrow fix — bumping only @angular/common, @angular/compiler, and @angular/core to ^20.3.25 while leaving the rest of the @angular/* packages at 19.2.21 — but npm install fails with ERESOLVE: @angular/animations, @angular/platform-browser, @angular/router, @angular/forms, and @angular/compiler-cli all declare a peer dependency on @angular/common@"19.2.25" (and its siblings) at that exact version. Angular's own packages are lockstep-versioned, so they can't be upgraded independently — this isn't fixable without upgrading the full Angular toolchain together. This means fixing the Snyk finding requires a full Angular 19 → 20 major upgrade (@angular/, @angular/cli, @angular-devkit/build-angular, @angular-eslint/, ng-packagr,
|
a7a6678 to
ef06256
Compare
Adds revokeRefreshToken() to AuthService, following the same Observable pattern as logout() — wraps the underlying Auth0Client call and triggers AuthState.refresh() so isAuthenticated$/user$/idTokenClaims$ reflect the result. This is the one gap in Online Access support — refreshTokenMode, useDpop, and useMrrt already pass through AuthConfig's existing Auth0ClientOptions config surface. Also exports RefreshTokenMode, InvalidConfigurationError, MissingScopesError, and RevokeRefreshTokenOptions from the package root, and documents the feature in EXAMPLES.md.
Online Access (Online Refresh Tokens) is gated behind Auth0 account team enablement. Adds the same Early Access notice used for the MFA section.
RefreshTokenMode is not exported until 2.23.0 — the previous ^2.21.0 range let installs resolve to an older minor where RefreshTokenMode is undefined, breaking refreshTokenMode: RefreshTokenMode.Online at runtime.
Drops the revokeRefreshToken() method, its RevokeRefreshTokenOptions export, tests, and EXAMPLES.md section added in 2b81160. Online Access (refreshTokenMode, useDpop, useMrrt) and the other new exports (RefreshTokenMode, InvalidConfigurationError, MissingScopesError) are unaffected.
ef06256 to
f48600a
Compare
Summary
Adds full support for Online Access (Online Refresh Tokens / ORTs) in
auth0-angular, mirroring the underlyingauth0-spa-jsfeature.Most of the configuration surface (
refreshTokenMode,useDpop,useMrrt,useRefreshTokens) already passed through automatically sinceAuthConfig extends Auth0ClientOptionsandAuth0ClientFactoryspreads config directly — no changes needed there.Changes
RefreshTokenMode,InvalidConfigurationError,MissingScopesErrorfrompublic-api.tsauth.service.spec.tscovering the call, options forwarding, state refresh, and error propagationEXAMPLES.md, covering bothAuthModule.forRootand standaloneprovideAuth0configuration stylesUsage
Testing
npx jest --no-coverage— 184 tests)npx tsc --noEmit— zero TypeScript errorsnpx ng build auth0-angular— builds cleanlynpx ng lint— zero errorsauth0-spa-jsand smoke-testedRefreshTokenModeresolve correctlySummary by CodeRabbit
New Features
Bug Fixes