Skip to content

Fix/reactive auth sharing persist#48

Open
gitmibrahim wants to merge 4 commits into
rodindev:mainfrom
gitmibrahim:fix/reactive-auth-sharing-persist
Open

Fix/reactive auth sharing persist#48
gitmibrahim wants to merge 4 commits into
rodindev:mainfrom
gitmibrahim:fix/reactive-auth-sharing-persist

Conversation

@gitmibrahim

Copy link
Copy Markdown

What

  1. Shared Reactive Auth State (packages/core/src/runtime/auth.ts):

    • Centralized authentication storage using a per-spec ref cache (authStoresCache and getAuthStore).
    • Cleaned up the unused onMounted import.
    • Added unit tests in auth.spec.ts to verify state sharing across multiple hook instances.
  2. Immediate Credential Persistence (packages/core/src/components/AuthControls.vue):

    • Added @input="commit" handling on the credential input field to persist modifications instantly.
    • Added unit tests in AuthControls.spec.ts confirming immediate persistence on input events.
  3. Request Authorization Tests (packages/core/src/components/EndpointTryPanel.spec.ts):

    • Created a new spec suite covering token/auth injection into the Request Envelope for:
      • bearer
      • oauth2
      • basic
      • apikey (header, query, and cookie locations)

Why

Closes #46

  • Cross-Component Reactivity: Previously, each instance of the useAuthState hook maintained its own independent state. If multiple playground or auth control components were active for the same spec, a credential update in one would not reactively propagate to others in real-time. Shared caching ensures perfect UI synchronization.
  • Improved UX in Playgrounds: Persisting credentials on keypress (input) ensures that API try-it requests and code snippets are dynamically updated without forcing the user to press Enter or trigger a blur event by clicking elsewhere first.
  • Improved Test Coverage: Verified that all standard OpenAPI security schemes are successfully injected into outgoing playground requests, preventing future regressions.

How to test

  • npm run typecheck passes
  • npm run test:run passes
  • Manually verified in npm run dev

@gitmibrahim

Copy link
Copy Markdown
Author

@rodindev Just a quick reminder to request a review on this PR when you're ready so we can get it processed. Thanks!

@rodindev rodindev left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this. The shared Map<specName, Ref> is the right approach. I synced your branch with main (1.8.0 is out) and CI is green. Left a few inline notes, the watch one is the only blocker.

}
}

watch(store, (value) => {

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This watch binds to the first AuthControls that mounts, since it reads credential.value in setup, so it gets disposed on unmount and persistence stops after a page navigation. A detached effectScope(true), or writing to sessionStorage in set()/clear() instead of a watch, keeps it independent of any component.

store.value = undefined
if (typeof sessionStorage !== 'undefined') {
const key = `${STORAGE_PREFIX}${name}`
const raw = sessionStorage.getItem(key)

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reading here instead of in onMounted can cause a hydration mismatch on reload with a stored token: the input renders filled on the client but empty in the SSG HTML.

// sessionStorage quota exceeded — credential won't persist but UI still works
}
})
/** Per-spec credential cache. SSR-safe (reads in onMounted). Accepts a reactive ref or plain string. */

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still says reads in onMounted, which isn't the case anymore.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Credentials in AuthControls are not synchronized across instances and do not persist on keypress

2 participants