feat: expose clearDPoPKey() on class and hook APIs#1592
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (6)
🚧 Files skipped from review as they are similar to previous changes (6)
📝 WalkthroughWalkthroughAdds ChangesDPoP recovery
Estimated code review effort: 2 (Simple) | ~10 minutes Sequence Diagram(s)sequenceDiagram
participant Application
participant Auth0Provider
participant NativeAuth0Client
participant NativeBridge
Application->>Auth0Provider: clearDPoPKey()
Auth0Provider->>NativeAuth0Client: client.clearDPoPKey()
NativeAuth0Client->>NativeBridge: clearDPoPKey()
NativeBridge-->>NativeAuth0Client: completion or AuthError
NativeAuth0Client-->>Auth0Provider: completion or DPoPError
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@FAQ.md`:
- Around line 1091-1093: Remove the “Last resort: disable DPoP” section from the
FAQ, including the recommendation to set useDPoP: false and its FAQ `#16`
reference. Replace it with guidance to investigate or escalate corrupted DPoP
state after clearDPoPKey() fails, while preserving the requirement that DPoP
must never be disabled.
- Around line 1059-1067: Update the handleLogin authorization recovery so
clearDPoPKey and the retry occur only after confirming the caught error is
DPoP-specific; leave cancellation, credential, and network failures unchanged.
Apply the same guard to the second authorization example around its catch/retry
flow, or make key clearing an explicit user-initiated recovery action.
In `@src/core/interfaces/IAuth0Client.ts`:
- Around line 85-96: The public clearDPoPKey documentation is incomplete across
the interface, hook, top-level client, and platform adapters. In
src/core/interfaces/IAuth0Client.ts lines 85-96, src/hooks/Auth0Context.ts lines
424-435, and src/Auth0.ts lines 138-156, document iOS/Android support and that
web throws UnsupportedOperation using platform-name-only notation; add
corresponding JSDoc to NativeAuth0Client at
src/platforms/native/adapters/NativeAuth0Client.ts line 183 identifying the
native implementation, and to WebAuth0Client at
src/platforms/web/adapters/WebAuth0Client.ts line 228 identifying the
unsupported web behavior.
In `@src/platforms/native/adapters/NativeAuth0Client.ts`:
- Around line 184-186: Update the clear-DPoP-key flow after await this.ready to
call clearDPoPKey through this.guardedBridge instead of this.bridge. Preserve
the existing async handling and return behavior while ensuring the call uses the
guarded bridge’s native configuration synchronization.
In `@src/platforms/web/adapters/WebAuth0Client.ts`:
- Around line 232-235: Update the web adapter’s clearDPoPKey failure to throw a
DPoPError instead of the raw AuthError, preserving the existing
unsupported-operation message and ensuring callers receive the same
DPoPError/type shape as NativeAuth0Client.clearDPoPKey().
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 5d5c4b6e-c3e9-4954-a1a3-e775eb35d580
📒 Files selected for processing (7)
FAQ.mdsrc/Auth0.tssrc/core/interfaces/IAuth0Client.tssrc/hooks/Auth0Context.tssrc/hooks/Auth0Provider.tsxsrc/platforms/native/adapters/NativeAuth0Client.tssrc/platforms/web/adapters/WebAuth0Client.ts
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/Auth0.ts (1)
147-152: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winClarify the documented web error type and platform notation.
Line 148 says the web implementation throws an
UnsupportedOperationerror, butsrc/platforms/web/adapters/WebAuth0Client.ts:239-246actually throws aDPoPErrorwrapping anAuthErrorwith that code. Align the wording with Line 152 and use the required platform notation, such as**iOS only**, **Android only**, andWeb only`.As per coding guidelines, platform-specific behavior must use platform name only notation.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/Auth0.ts` around lines 147 - 152, The documentation around the DPoP key-clearing API in Auth0.ts should consistently describe the web failure as a DPoPError wrapping an AuthError with code UnsupportedOperation. Update the platform-specific wording to use the required bold notation, including **iOS only**, **Android only**, and **Web only**, while preserving the existing return and throws documentation.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@src/Auth0.ts`:
- Around line 147-152: The documentation around the DPoP key-clearing API in
Auth0.ts should consistently describe the web failure as a DPoPError wrapping an
AuthError with code UnsupportedOperation. Update the platform-specific wording
to use the required bold notation, including **iOS only**, **Android only**, and
**Web only**, while preserving the existing return and throws documentation.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 9a9f85b0-3c3d-4d3a-86f6-86219ddaf801
📒 Files selected for processing (5)
src/Auth0.tssrc/core/interfaces/IAuth0Client.tssrc/hooks/Auth0Context.tssrc/platforms/native/adapters/NativeAuth0Client.tssrc/platforms/web/adapters/WebAuth0Client.ts
🚧 Files skipped from review as they are similar to previous changes (4)
- src/core/interfaces/IAuth0Client.ts
- src/platforms/native/adapters/NativeAuth0Client.ts
- src/platforms/web/adapters/WebAuth0Client.ts
- src/hooks/Auth0Context.ts
Exposes
clearDPoPKey()on theAuth0class anduseAuth0hook (iOS/Android; throwsUnsupportedOperationon web). Lets apps clear a corrupted DPoP key pair and retry login instead of disabling DPoP. Adds FAQ 19.Summary by CodeRabbit
clearDPoPKey()to recover from corrupted DPoP state on iOS and Android.useAuth0()hook.