🌱 Adds support for autoPush url param in poll and verify functions #91
Conversation
gowthamidommety-okta
force-pushed
the
gd-OKTA-155565-autoPushHttpOnly
branch
from
84b035b to
df2162d
Compare
lib/tx.js
Outdated
| if (rememberDevice) { | ||
| href += '?rememberDevice=true'; | ||
| opts.rememberDevice = rememberDevice; |
There was a problem hiding this comment.
Should we explicitly set this to true? Same question for autoPush and updatePhone
There was a problem hiding this comment.
I think we should, so we don't change the current way this works for rememberDevice. And if we do the same for the other variables, then we will be consistent everywhere, plus they are supposed to be booleans (I am assuming that is also what the API expects)
gowthamidommety-okta
requested review from
lboyette-okta and
mauriciocastillosilva-okta
|
Need to change description as this is not only for the poll function |
There was a problem hiding this comment.
one comment in one the changes
and one important comment for the design: if I understand correctly, once we call pol({autoPush: true}) then we won't be able to change the value in all the polling requests. So for the UI that we want to change based on the checkbox, we will need to stop the current poll and then call verify again with the new value.
lib/tx.js
Outdated
| if (rememberDevice) { | ||
| href += '?rememberDevice=true'; | ||
| opts.rememberDevice = rememberDevice; |
There was a problem hiding this comment.
I think we should, so we don't change the current way this works for rememberDevice. And if we do the same for the other variables, then we will be consistent everywhere, plus they are supposed to be booleans (I am assuming that is also what the API expects)
gowthamidommety-okta
force-pushed
the
gd-OKTA-155565-autoPushHttpOnly
branch
from
1cebed1 to
1a0724f
Compare
lib/tx.js
Outdated
| @@ -7,7 +7,8 @@ var AuthPollStopError = require('./errors/AuthPollStopError'); | |||
| var config = require('./config'); | |||
|
|
|||
| function addStateToken(res, options) { | |||
| var builtArgs = util.clone(options) || {}; | |||
| var builtArgs = {}; | |||
| util.extend(builtArgs, options || {}); | |||
There was a problem hiding this comment.
Changed this to use extend. clone uses JSON.stringify which makes it difficult to use with functions.
There was a problem hiding this comment.
This should work without the || {} check
lib/tx.js
Outdated
| var href = pollLink.href; | ||
| var opts = {}; | ||
| if (autoPush !== undefined && autoPush !== null) { | ||
| opts.autoPush = (typeof autoPush === 'function') ? autoPush() : !!autoPush; |
There was a problem hiding this comment.
autoPush now takes a boolean / function. It sets the option on every poll to account for the scenario when the checkbox is clicked during an active poll
There was a problem hiding this comment.
Interesting. I wonder why this didn't come up for rememberDevice. It'd have the same problem, right?
There was a problem hiding this comment.
Does this need to be a function for the simple verify case, or is the poll case sufficient?
There was a problem hiding this comment.
Correct, I don't think the rememberDevice value will change if the checkbox is clicked during an active poll. However, we are implementing it this way for autoPush to keep it consistent with the way the autoPush cookie is set on the front end now.
It doesn't need to be a function for the verify case, I just thought it would be better to keep it consistent. What do you think?
There was a problem hiding this comment.
Good point Len, it is interesting cause it definitely has the same problem. I was just checking and when you click verify, we send rememberDevice=true, but for polling we do not send that. And if we change the checkbox, then we don't change the value either. I do not know how the backend works for rememberDevice though... maybe we can have a follow up jira for that?
and yes, for verify it doesn't need to be a function, but my vote goes for the consistency.
There was a problem hiding this comment.
re: verify - I'm down with consistency
re: rememberDevice - I'm curious if the server maintains the rememberDevice state for us. If it handles the rememberDevice state, it seems natural that it'd also handle the autoPush state. If it doesn't, we can do what this PR does (send it with every request). Is this a question for @srinivasanagandla-okta ?
There was a problem hiding this comment.
@kentonsmith-okta would you know the answer to the above ^ ?
There was a problem hiding this comment.
Spoke to @kentonsmith-okta about this. The backend seems to cache the rememberDevice value sent on the first verify and then save it on a successful authentication. If the user were to change the value during a poll, it would have no affect. The only way to clear a saved (true) value is to clear the browser's cookies.
lib/tx.js
Outdated
| var href = pollLink.href; | ||
| var opts = {}; | ||
| if (autoPush !== undefined && autoPush !== null) { | ||
| opts.autoPush = (typeof autoPush === 'function') ? autoPush() : !!autoPush; |
There was a problem hiding this comment.
Interesting. I wonder why this didn't come up for rememberDevice. It'd have the same problem, right?
| return test.trans.verify({ | ||
| passCode: '123456', | ||
| autoPush: function () { | ||
| return true; |
There was a problem hiding this comment.
What should happen if autoPush() doesn't return true or false (let's say they accidentally return a Promise)?
There was a problem hiding this comment.
Yea, that was something i was thinking about today. It would probably be better to force whatever the function returns to a boolean.
There was a problem hiding this comment.
Yeah, let's force a boolean
| return test.trans.verify({ | ||
| passCode: '123456', | ||
| autoPush: function () { | ||
| return true; |
There was a problem hiding this comment.
It'd be nice to add a test that throws an error inside of autoPush (particularly in the polling case)
lib/tx.js
Outdated
| @@ -7,7 +7,8 @@ var AuthPollStopError = require('./errors/AuthPollStopError'); | |||
| var config = require('./config'); | |||
|
|
|||
| function addStateToken(res, options) { | |||
| var builtArgs = util.clone(options) || {}; | |||
| var builtArgs = {}; | |||
| util.extend(builtArgs, options || {}); | |||
There was a problem hiding this comment.
This should work without the || {} check
lib/tx.js
Outdated
| var href = pollLink.href; | ||
| var opts = {}; | ||
| if (autoPush !== undefined && autoPush !== null) { | ||
| opts.autoPush = (typeof autoPush === 'function') ? autoPush() : !!autoPush; |
There was a problem hiding this comment.
Does this need to be a function for the simple verify case, or is the poll case sufficient?
lib/tx.js
Outdated
| var href = pollLink.href; | ||
| var opts = {}; | ||
| if (autoPush !== undefined && autoPush !== null) { | ||
| opts.autoPush = (typeof autoPush === 'function') ? autoPush() : !!autoPush; |
There was a problem hiding this comment.
Good point Len, it is interesting cause it definitely has the same problem. I was just checking and when you click verify, we send rememberDevice=true, but for polling we do not send that. And if we change the checkbox, then we don't change the value either. I do not know how the backend works for rememberDevice though... maybe we can have a follow up jira for that?
and yes, for verify it doesn't need to be a function, but my vote goes for the consistency.
| return test.trans.poll({ | ||
| delay: 0, | ||
| autoPush: function () { | ||
| return true; |
There was a problem hiding this comment.
might be a good idea to return false in the third response just to test that it actually sends something different if the value is changed after the first poll request.
There was a problem hiding this comment.
I second this. We should change one of the polling tests to change between requests
gowthamidommety-okta
force-pushed
the
gd-OKTA-155565-autoPushHttpOnly
branch
from
5b920d3 to
23fcc94
Compare
|
@lboyette-okta @mauriciocastillosilva-okta Please review again. Made changes and also added the test that changes the response between requests. |
|
@gowthamidommety-okta if we could add something here: https://github.com/okta/okta-auth-js#verifyoptions-1, that'd be awesome |
README.md
Outdated
|
|
||
| Poll until factorResult is not WAITING. Throws AuthPollStopError if prev or cancel is called. | ||
| - `autoPush` - Send a push notification immediately the next time `verify` is called on a push factor |
There was a problem hiding this comment.
Sweet. Change this to Optional parameter to send a push notification immediately the next time verify is called on a push factor to match the others and 🚢
gowthamidommety-okta
force-pushed
the
gd-OKTA-155565-autoPushHttpOnly
branch
2 times, most recently
from
f1d9765 to
5d64acd
Compare
gowthamidommety-okta
changed the title
Resolves: OKTA-155565