Commit 2cd530b
feat: enforce IPSIE session_expiry ceiling on local session lifetime (#1126)
## Summary
- Bumps `@auth0/auth0-spa-js` to `^2.22.0` to pick up IPSIE `session_expiry` enforcement
- Adds one unit test covering mid-session ceiling breach via `getAccessTokenSilently`
- Adds `Session Expiry from Upstream IdP (IPSIE)` section to `EXAMPLES.md`

No provider code changes are needed. Enforcement is fully handled by `auth0-spa-js`. The React layer already propagates the `undefined` user/token responses into `isAuthenticated: false` state transitions. Routes wrapped with `withAuthenticationRequired` require no code changes; components calling `getAccessTokenSilently()` imperatively need an explicit null check (documented in EXAMPLES.md).
## Test plan
- [x] All existing unit tests pass
- [x] New `session_expiry ceiling (IPSIE SL1)` test passes
- [x] Manual: deploy a Post-Login Action with `api.idToken.setCustomClaim('session_expiry', Math.floor(Date.now() / 1000) + 120)`, log in, wait 2 minutes. The app should redirect to login without any code changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Added a new guide section covering upstream IdP session expiry, including claim setup and a walkthrough of resulting SDK behavior.
  * Documented how protected routes behave when authentication/session limits are reached, plus upgrade guidance for apps that assume tokens/users are always present.
* **Bug Fixes**
  * Improved handling when silent token retrieval resolves to no value, ensuring auth state is cleared and `getAccessTokenSilently()` returns `undefined`.
* **Tests**
  * Added coverage to verify the new silent-token/clearing behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

1 parent 76cc155 commit 2cd530b
3 files changed
Lines changed: 106 additions & 1 deletion
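
The commit message above says components that call `getAccessTokenSilently()` imperatively need an explicit null check. One way to write that guard, as an added example that is not code from this commit or from `EXAMPLES.md`: `callApiWithToken`, the fake SDK, the fetch stub and the URL are hypothetical, and the stub assumes the token resolves to `undefined` once the `session_expiry` time is reached.

```javascript
// Added example: guard an imperative getAccessTokenSilently() call.
// Assumption (taken from the commit message): after the session_expiry
// ceiling is breached, getAccessTokenSilently() resolves to undefined.

// Hypothetical helper: never sends a request without a real token.
async function callApiWithToken(getAccessTokenSilently, fetchImpl, url) {
  const token = await getAccessTokenSilently();
  if (typeof token !== 'string' || token.length === 0) {
    // Fail closed: no "Bearer undefined" header ever leaves the browser.
    return { ok: false, reason: 'reauthentication_required' };
  }
  const response = await fetchImpl(url, {
    headers: { Authorization: `Bearer ${token}` },
  });
  return { ok: true, status: response.status };
}

// Constructed stand-in for the SDK, for offline runs only: returns a token
// until the clock reaches the session_expiry ceiling (epoch seconds).
function makeFakeSdk(sessionExpiry, clock) {
  return async () =>
    clock.now < sessionExpiry ? 'constructed-token' : undefined;
}

// Constructed fetch stub that records the Authorization headers it is given.
function makeRecordingFetch(seen) {
  return async (url, init) => {
    seen.push(init.headers.Authorization);
    return { status: 200 };
  };
}

// Mirrors the manual test plan: a ceiling 120 seconds after login.
async function demo() {
  const clock = { now: 1000 }; // constructed login time
  const seen = [];
  const sdk = makeFakeSdk(clock.now + 120, clock);
  const fetchImpl = makeRecordingFetch(seen);
  const url = 'https://api.example.test/data'; // placeholder URL
  const before = await callApiWithToken(sdk, fetchImpl, url);
  clock.now += 120; // ceiling reached
  const after = await callApiWithToken(sdk, fetchImpl, url);
  return { before, after, seen };
}

demo().then((result) => console.log(JSON.stringify(result)));
```

The caller decides what `reauthentication_required` triggers, for example a redirect to login.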