npm - @imtbl/auth-next-client - Versions diffs - 2.12.7 → 2.12.8-alpha.0 - Mend

@imtbl/auth-next-client 2.12.7 → 2.12.8-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/node/index.cjs CHANGED Viewed

@@ -288,11 +288,12 @@ function useImmutableSession() {
   setIsRefreshingRef.current = setIsRefreshing;
   (0, import_react3.useEffect)(() => {
     if (!session?.accessTokenExpires) return;
+    if (session?.error) return;
     const timeUntilExpiry = session.accessTokenExpires - Date.now() - TOKEN_EXPIRY_BUFFER_MS;
     if (timeUntilExpiry <= 0) {
       deduplicatedUpdate(() => updateRef.current());
     }
-  }, [session?.accessTokenExpires]);
+  }, [session?.accessTokenExpires, session?.error]);
   (0, import_react3.useEffect)(() => {
     if (session?.idToken) {
       storeIdToken(session.idToken);

package/dist/node/index.js CHANGED Viewed

@@ -261,11 +261,12 @@ function useImmutableSession() {
   setIsRefreshingRef.current = setIsRefreshing;
   useEffect2(() => {
     if (!session?.accessTokenExpires) return;
+    if (session?.error) return;
     const timeUntilExpiry = session.accessTokenExpires - Date.now() - TOKEN_EXPIRY_BUFFER_MS;
     if (timeUntilExpiry <= 0) {
       deduplicatedUpdate(() => updateRef.current());
     }
-  }, [session?.accessTokenExpires]);
+  }, [session?.accessTokenExpires, session?.error]);
   useEffect2(() => {
     if (session?.idToken) {
       storeIdToken(session.idToken);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@imtbl/auth-next-client",
-  "version": "2.12.7",
+  "version": "2.12.8-alpha.0",
   "description": "Immutable Auth.js v5 integration for Next.js - Client-side components",
   "author": "Immutable",
   "license": "Apache-2.0",
@@ -27,8 +27,8 @@
     }
   },
   "dependencies": {
-    "@imtbl/auth": "2.12.7",
-    "@imtbl/auth-next-server": "2.12.7"
+    "@imtbl/auth": "2.12.8-alpha.0",
+    "@imtbl/auth-next-server": "2.12.8-alpha.0"
   },
   "peerDependencies": {
     "next": "^14.0.0 || ^15.0.0",

package/src/hooks.test.tsx CHANGED Viewed

@@ -291,6 +291,23 @@ describe('useImmutableSession', () => {
       // Should NOT have called update -- token is still valid
       expect(mockUpdate).not.toHaveBeenCalled();
     });
+    it('does not trigger refresh when session has error (prevents infinite loop)', async () => {
+      // Simulate: token expired and last refresh failed (e.g. RefreshTokenError)
+      const sessionWithError = createSession({
+        accessTokenExpires: Date.now() - 1000, // expired
+        error: 'RefreshTokenError',
+      });
+      setupUseSession(sessionWithError);
+      await act(async () => {
+        renderHook(() => useImmutableSession());
+      });
+      // Must NOT call update - otherwise we would retry refresh repeatedly
+      // and cause an infinite loop (update -> same session with error -> effect re-runs -> update again).
+      expect(mockUpdate).not.toHaveBeenCalled();
+    });
   });
   describe('getUser() respects pending refresh', () => {
@@ -317,5 +334,35 @@ describe('useImmutableSession', () => {
       // getUser() should have waited for the refresh and gotten the fresh token
       expect(user?.accessToken).toBe('user-fresh-token');
     });
+    it('getUser(true) still calls update with forceRefresh even when session has error', async () => {
+      // Session is in error state (e.g. previous refresh failed)
+      const sessionWithError = createSession({
+        accessTokenExpires: Date.now() - 1000,
+        error: 'RefreshTokenError',
+      });
+      setupUseSession(sessionWithError);
+      // Server recovers and returns a valid session (e.g. user re-authenticated elsewhere)
+      const recoveredSession = createSession({
+        accessToken: 'recovered-token',
+        accessTokenExpires: Date.now() + 10 * 60 * 1000,
+        user: { sub: 'user-1', email: 'recovered@test.com' },
+      });
+      mockUpdate.mockResolvedValue(recoveredSession);
+      const { result } = renderHook(() => useImmutableSession());
+      let user: any;
+      await act(async () => {
+        user = await result.current.getUser(true);
+      });
+      // forceRefresh must have been attempted (proactive effect does NOT run when session.error is set)
+      expect(mockUpdate).toHaveBeenCalledWith({ forceRefresh: true });
+      // When server returns a good session, we get the user
+      expect(user?.accessToken).toBe('recovered-token');
+      expect(user?.profile?.email).toBe('recovered@test.com');
+    });
   });
 });

package/src/hooks.tsx CHANGED Viewed

@@ -221,6 +221,8 @@ export function useImmutableSession(): UseImmutableSessionReturn {
   // `!isRefreshing` to briefly lose their cached data, resulting in UI flicker.
   useEffect(() => {
     if (!session?.accessTokenExpires) return;
+    // Don't retry if the last refresh already failed - prevents infinite loops
+    if (session?.error) return;
     const timeUntilExpiry = session.accessTokenExpires - Date.now() - TOKEN_EXPIRY_BUFFER_MS;
@@ -228,7 +230,7 @@ export function useImmutableSession(): UseImmutableSessionReturn {
       // Already expired -- refresh silently
       deduplicatedUpdate(() => updateRef.current());
     }
-  }, [session?.accessTokenExpires]);
+  }, [session?.accessTokenExpires, session?.error]);
   // ---------------------------------------------------------------------------
   // Sync idToken to localStorage