The auth package of RedwoodJS is using @auth0 /auth0-spa-js version 1.7.0, can I install the latest version of 1.13.3 in my project instead? Will it cause any problem?
@andrewlamyw Redwood does not lock the auth0-spa-js to a version on install/generate.
I just created a fresh v21 app and generated auth with the Auth0 provider and:
"dependencies": {
"@auth0/auth0-spa-js": "^1.13.3",
"@redwoodjs/auth": "^0.21.0",
The latest package was installed.
In fact, it has been suggested that we do lock
opened 09:05PM - 15 Nov 20 UTC
closed 08:00PM - 27 Jan 21 UTC
topic/auth
Currently when running the auth generator we add the relevant client library to … the user's `web/package.json`, like this `packages/cli/src/commands/generate/auth/providers/supabase.js:export const webPackages = ['@supabase/supabase-js']`
The problem is that we don't specify a version for, in this case, the supabase client library. So when a new version is released our generated code might break. Case in point: https://github.com/redwoodjs/redwood/issues/1426 supabase released a new version where some methods changed names, so now whenever a RW user tries to generate supabase based auth, the code will be broken. If @supabase/supabase-js was pinned to `0.36.5` (which is the last version we support) this wouldn't have happened.
Do you all agree? Any input?
/cc @dthyresson @peterp
and not upgrade
opened 09:22PM - 15 Nov 20 UTC
closed 12:14AM - 10 Jun 21 UTC
good first issue
topic/fully-integrated-dx
This is what my `web/package.json` file looked like
Then I ran the supabase auth generator, and without warning and without asking, this is what I ended up with
I think the generator should exit with a message telling the user to run with `--force` if the user wants the generator to overwrite existing code.
without prompting to reduce chance that some sdk that has not been tested is used.
I had a quick look through the releases between 1.7 and 1.13.3 and nothing jumped out at be a possibly breaking, but it was just a review.
Actually, this new feature
auth0:master ← auth0:custom-auth0-client
opened 02:57PM - 01 Jun 20 UTC
### Description
Add `auth0Client: { name: 'my-custom-client', version: '9.9.9… ' }` to `Auth0ClientOptions` options to send your own user agent details to the authorization server
### Testing
- [x] This change adds test coverage for new/changed/fixed functionality
### Checklist
- [x] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
- [ ] All active GitHub checks for tests, formatting, and security are passing
- [x] The correct base branch is being used, if not `master`
Add auth0Client: { name: ‘my-custom-client’, version: ‘9.9.9’ } to Auth0ClientOptions options to send your own user agent details to the authorization server
Seems like it might be a nice addition to the client setup to send redwood version or app version info up to Auth0 for logging or if in a rule to prevent login if certain criteria are passed.
1 Like
No problem.
If you do upgrade and everything is working, could you create new issue in https://github.com/redwoodjs/playground-auth so we can upgrade and test there?
It is actually currently tested with v1.9.
Cheers.
1 Like
