Broadleaf Microservices
  • v1.0.0-latest-prod

Auth JS SDK Release Notes for 1.5.5

Table of Contents

Bug Fixes

  • Fixed token caching when using accounts and refresh token rotation

    • If the current user is in an account context, the token cache expects the account Id to be part of the cache key. However, there was a possibility that this would not occur when the token was added to the cache.

    • Additionally, when switching between accounts, a new Authorization flow should be entered with the new account Id as a parameter. In the case typical case, this is achieved by way of a hidden iframe in the background. However, for refresh token rotation, this is not viable.

      • The fix in this case was to update AuthClient#loginWithRedirect to take the new account Id as a parameter which it then includes in the Authorization request it makes.

      • Users are now expected to call loginWithRedirect programmatically from their storefront app when the account context changes when using refresh token rotation. See the following example usage.

        import { useAuth } from '@broadleaf/auth-react';
        const MyComponent = () => {
          const { loginWithRedirect } = useAuth();
          useEffect(() => {
            loginWithRedirect({ accountId });
          }, [accountId]);
          return (
              onClick={() => {
                loginWithRedirect({ accountId: 'someValue' });
              Change Account