Version of @auth0/auth0-spa-js

The auth package of RedwoodJS is using @auth0/auth0-spa-js version 1.7.0, can I install the latest version of 1.13.3 in my project instead? Will it cause any problem?

@andrewlamyw Redwood does not lock the auth0-spa-js to a version on install/generate.

I just created a fresh v21 app and generated auth with the Auth0 provider and:

  "dependencies": {
    "@auth0/auth0-spa-js": "^1.13.3",
    "@redwoodjs/auth": "^0.21.0",

The latest package was installed.

In fact, it has been suggested that we do lock

and not upgrade

without prompting to reduce chance that some sdk that has not been tested is used.

I had a quick look through the releases between 1.7 and 1.13.3 and nothing jumped out at be a possibly breaking, but it was just a review.

Actually, this new feature

Add auth0Client: { name: ‘my-custom-client’, version: ‘9.9.9’ } to Auth0ClientOptions options to send your own user agent details to the authorization server

Seems like it might be a nice addition to the client setup to send redwood version or app version info up to Auth0 for logging or if in a rule to prevent login if certain criteria are passed.

1 Like

Thank you for the guidance :pray: :smile: :100:

No problem.

If you do upgrade and everything is working, could you create new issue in so we can upgrade and test there?

It is actually currently tested with v1.9.


1 Like