feat: add expiration time ms tracking #2106
Conversation
thebrianchen
requested review from
dancoombs,
dphilipson,
linnall,
adamegyed,
Zer0dot,
noam-alchemy,
jakehobbs,
avarobinson,
florrdv,
blakecduncan,
Shenghu-Yang,
andysim3d,
0xfourzerofour,
niveda-krish,
alex-miao,
joshzhang5,
AlvaroLuken,
Dan-Nolan and
SahilAujla
as code owners
thebrianchen
changed the title
thebrianchen
changed the title
There was a problem hiding this comment.
This is great! Left a suggestion about naming.
I think we can do a little more in relation to expiration time, which can possibly go in a separate PR. We should also set a timer in the auth client which triggers when the session expires, disconnects the client, and emits a "disconnected" event.
I was thinking of something like the interface in the design doc, particularly the elements disconnect(), on("disconnect", handler), and isDisconnected. As mentioned, it might make sense to do all this together in a separate PR.
packages/auth/src/authSession.ts
Outdated
| /** Credential ID for passkey authentication */ | ||
| credentialId?: string; | ||
| /** Expiration timestamp - if not provided, defaults to 15 minutes from now */ | ||
| expirationDateMs?: number; |
There was a problem hiding this comment.
The comment and variable name are a bit imprecise: they make it sound like you're providing the timestamp at which the session expires, rather than the length of the session. I'd consider naming the variable either just expirationMs or maybe something like sessionDurationMs, and adjusting the comment.
(I realize the variable name already existed in the code, but I didn't notice it before and now it's becoming part of the public API so needs more attention.)
Edit: Oh whoops, I realize that what I'm describing is in fact what the variable actually does, so the naming and comment are correct. In that case, I'll say that I think it would be more intuitive to have this take the duration instead, since that's what devs are thinking in terms of in 99% of situations.
There was a problem hiding this comment.
I agree with dphil here. My mental model was that the parameter passed into the AuthSession constructor would be called something like sessionLengthMs and it would be used to set the private element on AuthSession called expirationDateMs
There was a problem hiding this comment.
changed to sessionDurationMs
| bundle, | ||
| orgId, | ||
| idToken, | ||
| authType: type, |
There was a problem hiding this comment.
as mentioned on authSession.ts, can we rename this to something like sessionLengthMs? assuming that the user will be passing in their desired session length and we are responsible for then calculating the expiration date from it
There was a problem hiding this comment.
added logic to recalculate session length based on the expiration date that's deserialized
thebrianchen
changed the title
This reverts commit 6e27cf6.
Adding tracking for expiration in auth sessions with a default of 15mins. Updated example web app to show expiration time.
note that we still need to add functionality for letting user provide the expiration time, not included in this PR.
Pull Request Checklist
yarn test)sitefolder, and guidelines for updating/adding docs can be found in the contribution guide)feat!: breaking change)yarn lint:check) and fix any issues? (yarn lint:write)PR-Codex overview
This PR focuses on enhancing session management and authentication in the
alchemyAuthconnector, including session persistence, expiration handling, and improved session state management.Detailed summary
DEFAULT_SESSION_EXPIRATION_MSconstant for default expiration time.AuthClientandAuthSession.alchemyAuthto persist and restore session state across page reloads.