@imtbl/auth-next-client 2.12.7-alpha.1 → 2.12.7-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +37 -0
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -428,6 +428,43 @@ function MyComponent() {
|
|
|
428
428
|
| `isAuthenticated` | `boolean` | Whether user is authenticated |
|
|
429
429
|
| `getUser` | `(forceRefresh?: boolean) => Promise<User \| null>` | Get user function for wallet integration |
|
|
430
430
|
|
|
431
|
+
#### Checking Authentication Status
|
|
432
|
+
|
|
433
|
+
**Always use `isAuthenticated` to determine if a user is logged in.** Do not use the `session` object or `status` field directly for this purpose.
|
|
434
|
+
|
|
435
|
+
**Why not `!!session`?**
|
|
436
|
+
|
|
437
|
+
A `session` object can exist but be **unusable**. For example, the session may be present but the access token is missing, or a token refresh may have failed (indicated by `session.error === "RefreshTokenError"`). Checking `!!session` would incorrectly treat these broken sessions as authenticated.
|
|
438
|
+
|
|
439
|
+
**Why not `status === 'authenticated'`?**
|
|
440
|
+
|
|
441
|
+
The `status` field comes directly from NextAuth's `useSession` and only reflects whether NextAuth considers the session valid at the cookie/JWT level. It does **not** account for whether the access token is actually present or whether a token refresh has failed. A session can have `status === 'authenticated'` while `session.error` is set to `"RefreshTokenError"`, meaning the tokens are no longer usable.
|
|
442
|
+
|
|
443
|
+
**What `isAuthenticated` checks:**
|
|
444
|
+
|
|
445
|
+
The `isAuthenticated` boolean validates all of the following:
|
|
446
|
+
|
|
447
|
+
1. NextAuth reports `'authenticated'` status
|
|
448
|
+
2. The session object exists
|
|
449
|
+
3. A valid access token is present in the session
|
|
450
|
+
4. No session-level error exists (e.g., `RefreshTokenError`)
|
|
451
|
+
|
|
452
|
+
It also handles transient states gracefully — during session refetches (e.g., window focus) or manual refreshes (e.g., after wallet registration via `getUser(true)`), `isAuthenticated` remains `true` if the user was previously authenticated, preventing UI flicker.
|
|
453
|
+
|
|
454
|
+
```tsx
|
|
455
|
+
// ✅ Correct - uses isAuthenticated
|
|
456
|
+
const { isAuthenticated } = useImmutableSession();
|
|
457
|
+
if (!isAuthenticated) return <div>Please log in</div>;
|
|
458
|
+
|
|
459
|
+
// ❌ Incorrect - session can exist with expired/invalid tokens
|
|
460
|
+
const { session } = useImmutableSession();
|
|
461
|
+
if (!session) return <div>Please log in</div>;
|
|
462
|
+
|
|
463
|
+
// ❌ Incorrect - status doesn't account for token errors
|
|
464
|
+
const { status } = useImmutableSession();
|
|
465
|
+
if (status !== "authenticated") return <div>Please log in</div>;
|
|
466
|
+
```
|
|
467
|
+
|
|
431
468
|
#### The `getUser` Function
|
|
432
469
|
|
|
433
470
|
The `getUser` function returns fresh tokens from the session. It accepts an optional `forceRefresh` parameter:
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@imtbl/auth-next-client",
|
|
3
|
-
"version": "2.12.7-alpha.
|
|
3
|
+
"version": "2.12.7-alpha.2",
|
|
4
4
|
"description": "Immutable Auth.js v5 integration for Next.js - Client-side components",
|
|
5
5
|
"author": "Immutable",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -27,8 +27,8 @@
|
|
|
27
27
|
}
|
|
28
28
|
},
|
|
29
29
|
"dependencies": {
|
|
30
|
-
"@imtbl/auth": "2.12.7-alpha.
|
|
31
|
-
"@imtbl/auth-next-server": "2.12.7-alpha.
|
|
30
|
+
"@imtbl/auth": "2.12.7-alpha.2",
|
|
31
|
+
"@imtbl/auth-next-server": "2.12.7-alpha.2"
|
|
32
32
|
},
|
|
33
33
|
"peerDependencies": {
|
|
34
34
|
"next": "^15.0.0",
|