pjhul / auth0-web-extension Goto Github PK

The createAuth0Client function seems to be shimmed well, and I can actually get a reference to it:

const auth0 = createAuth0Client({
  domain: AUTH_DOMAIN,
  client_id: AUTH_CLIENTID,
  audience: AUTH_AUDIENCE,
  redirect_uri: chrome.runtime.getURL("/authSuccess.html"),
  // useRefreshTokens: true,
});

console.log({ auth0 });

/** 
  {
    cacheLocation: "memory"
    cacheManager: e {cache: {…}, nowProvider: ƒ}
    customOptions: {}
    defaultScope: "openid profile email"
    domainUrl: "https://[...].us.auth0.com"
    messenger: e {}
    nowProvider: ƒ ()
    options: {...}
    scope: undefined
    tokenIssuer: "https://[...].us.auth0.com/"
    transactionManager: e {storage: e, ..., transaction: undefined}
  }
**/

But trying to call any of the utility functions throws a TypeError, trying to read a value like l.storage.local:

const token = await auth0.getTokenSilently();
console.log({ token });

// Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'local')

All similar methods like getUser() etc. cause the same issue.

Assumptions
I noticed that getTokenSilently() returns the same token in many instances. It appears that as long as a service worker is awake the same token will be returned and I assume it just returns the in-memory token instead of doing another handshake for the token. A handshake and new token are only created after the service worker goes to sleep and wakes up again. I am basing this on Paul's blog post (great post, thanks for making it).

"...the nice thing is that on subsequent calls to getTokenSilently, we can pull from the in-memory cache meaning that it consistently takes less than 1ms to get a token."
https://pjhul.com/blog/auth0-web-extension

Our issue
Our issue is that some cases, we need to force a handshake and get a new token instead of using the in-memory cached token.

For us when users sign up without 3rd party auth0 (sign in with google, etc.), we require email verification via users clicking confirm email in their inbox. The user navigates to Gmail to confirm and the auth0-web-extension process is completed before confirming the email. A token is saved with emailVerified as false. After the user confirms their email and goes to a website to use the extension functionality the service worker is still awake and has the old token with emailVerified as false. The API calls fail because we require it true.

Possible solution

I was thinking we could update getTokenSilently() with an argument to optionally force a new handshake. I am open to other ideas and interested in contributing to the repository to improve it.

Thanks!

Not able to initialize the client, the import statement itself showing the error
Failed to resolve module specifier "auth0-web-extension". Relative references must start with either "/", "./", or "../".
I am importing like this in background.js

import createAuth0Client from 'auth0-web-extension';

and I have added like this in manifest.json

"background": {
"service_worker": "background.js",
"type": "module"
},