Update authentication configuration to use Asgardeo V2 (Thunder)#641
Open
rasika2012 wants to merge 2 commits intowso2:mainfrom
Open
Update authentication configuration to use Asgardeo V2 (Thunder)#641rasika2012 wants to merge 2 commits intowso2:mainfrom
rasika2012 wants to merge 2 commits intowso2:mainfrom
Conversation
Contributor
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 0 minutes and 34 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (10)
📝 WalkthroughWalkthroughThis PR migrates auth from Changes
Sequence Diagram(s)sequenceDiagram
participant Browser
participant WebApp
participant Asgardeo
participant API
Browser->>WebApp: open/login
WebApp->>Asgardeo: signIn / signInSilently
Asgardeo-->>WebApp: access token
WebApp->>API: call with access token
API-->>WebApp: 200 OK / 401 Unauthorized
alt 200 OK
WebApp-->>Browser: render data
else 401
WebApp->>WebApp: handleAuthAndExpectedErrors -> logout()
WebApp-->>Asgardeo: signOut (redirect to afterSignOutUrl)
WebApp-->>Browser: redirect to /login
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 minutes Poem
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 5
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
console/workspaces/libs/api-client/src/hooks/react-query-notifications.ts (1)
147-150:⚠️ Potential issue | 🟠 MajorRun auth/session handling before the UI-notification guards.
handleAuthAndExpectedErrors(...)is currently skipped in two important cases: queries return early onceisAuthenticatedis false, and mutations short-circuit whenshowErroris false or auth is already false. That prevents the 401/auth-client paths from callinglogout(), which can leave the user stuck on a protected screen after the session expires.🔁 Proposed fix
- if (!isAuthenticated) { - lastErrorMessageRef.current = null; - return; - } - if (handleAuthAndExpectedErrors(query.error, logout)) { lastErrorMessageRef.current = null; return; } + if (!isAuthenticated) { + lastErrorMessageRef.current = null; + return; + }- if ( - showError && - isAuthenticated && - !handleAuthAndExpectedErrors(error, logout) - ) { + const handledAuthError = handleAuthAndExpectedErrors(error, logout); + if (showError && isAuthenticated && !handledAuthError) {Also applies to: 179-182, 244-248
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@console/workspaces/libs/api-client/src/hooks/react-query-notifications.ts` around lines 147 - 150, The early-return guards skip running handleAuthAndExpectedErrors(...) which prevents auth/session handling (e.g., logout) on 401s; move the call to handleAuthAndExpectedErrors to execute before any UI-notification short-circuits (i.e., before the isAuthenticated check in the query path where lastErrorMessageRef.current is set, and before the showError/isAuthenticated short-circuits in the mutation path), and only then apply UI notification logic and reset lastErrorMessageRef.current as needed; ensure calls reference the existing handleAuthAndExpectedErrors function and preserve current arguments so logout() and auth-client flows run even when UI notifications are suppressed.console/workspaces/libs/api-client/src/utils/utils.ts (1)
42-47:⚠️ Potential issue | 🟡 MinorRemove the stale refresh docblock at lines 42–46.
This docblock describes token refresh logic that no longer exists in the implementation. The
http*helpers now simply throw on non-OK responses without attempting any refresh. Remove the orphaned comment.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@console/workspaces/libs/api-client/src/utils/utils.ts` around lines 42 - 47, Remove the stale docblock describing token refresh behavior from utils.ts (the comment block above the http* helper implementations such as httpGet/httpPost/httpFetch helpers) because those helpers no longer perform token refresh and now just throw on non-OK responses; delete the entire orphaned comment lines 42–46 so the documentation matches the current implementation.
🧹 Nitpick comments (3)
deployments/helm-charts/wso2-agent-manager/values.yaml (1)
253-255: Consider using a Kubernetes Secret forclientSecretwhen non-empty.For public SPA clients, an empty
clientSecretis appropriate. However, if a confidential client is ever configured with a real secret, storing it in a ConfigMap (as shown in the referencedconfigmap.yamlcontext snippet) would expose it in plain text.Consider adding conditional logic to inject
clientSecretfrom a Kubernetes Secret (referenced viaexistingSecretlike other sensitive values in this chart) when a non-empty value is needed.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@deployments/helm-charts/wso2-agent-manager/values.yaml` around lines 253 - 255, Add support for sourcing the OAuth client secret from a Kubernetes Secret instead of embedding it in values.yaml: introduce an optional values key (e.g., existingSecret or clientSecretSecret) and update the template that renders clientSecret (the place that currently uses .Values.clientSecret) to conditionally read the secret value from the referenced Secret (via lookup or secretKeyRef) when existingSecret is provided and fall back to the empty/plain value otherwise; ensure the symbols to change include clientSecret in values.yaml and the template that builds configmap.yaml or deployment env/volume where clientSecret is used.console/workspaces/libs/auth/src/asgardio/AuthProvider.tsx (1)
31-31: The cast hides config-shape regressions.
authConfig as AsgardeoProviderPropsturns off type-checking exactly where all auth keys were renamed. IfglobalConfig.authConfigstill carries a stale field or misses a required one, this will fail only at runtime. Prefer typingauthConfigat the source or building an explicitAsgardeoProviderPropsobject here.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@console/workspaces/libs/auth/src/asgardio/AuthProvider.tsx` at line 31, The code is silencing type-checking by casting authConfig to AsgardeoProviderProps when rendering <AsgardeoProvider {...(authConfig as AsgardeoProviderProps)}>; instead, stop using the cast and ensure authConfig is correctly typed at its source (e.g., the globalConfig.authConfig declaration) or build an explicit AsgardeoProviderProps object here by mapping required fields (clientID, baseUrl, etc.) from authConfig into a new object and pass that to AsgardeoProvider so missing/renamed fields are caught at compile time.console/apps/webapp/public/config.js (1)
37-37: Self-comparison always evaluates totrue.
'true' === 'true'is a constant expression that always returnstrue. Looking at this file's purpose (local dev config), this is likely intentional to disable auth during development. However, if this pattern is meant to mirror the template file's'%%DISABLE_AUTH%%' === 'true'substitution, the placeholder should be used here too for consistency, or simply usetruedirectly.- disableAuth: 'true' === 'true', + disableAuth: true,🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@console/apps/webapp/public/config.js` at line 37, The line setting disableAuth uses a self-comparison ('true' === 'true') which is always true; replace it so intent is clear: either set disableAuth to the boolean true directly or restore the substitution placeholder pattern (e.g., use the template token like '%%DISABLE_AUTH%%' === 'true') so the value can be overridden by build/dev tooling; update the disableAuth assignment accordingly in this file (symbol: disableAuth).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@console/apps/webapp/public/config.template.js`:
- Around line 23-24: The runtime template is injecting the confidential
AUTH_CLIENT_SECRET into the browser (via window.__RUNTIME_CONFIG__), which
exposes the OAuth client secret; remove the clientSecret injection and instead
ensure only non-sensitive OAuth client configuration is emitted to the SPA by
deleting the "...('$AUTH_CLIENT_SECRET'.trim() ? { clientSecret:
'$AUTH_CLIENT_SECRET' } : {})," expression in the template, and if a
confidential flow is required, move secret usage to a server/BFF endpoint (use
AUTH_CLIENT_SECRET only on the server side, not in the client runtime config).
In `@console/apps/webapp/src/pages/Login/Login.tsx`:
- Line 65: The guard "if (isAuthenticated || userInfo?.username)" is unreliable
because username is optional; update the condition to detect a valid profile or
authentication more robustly (e.g., "if (isAuthenticated || userInfo)" or "if
(isAuthenticated || userInfo?.sub || userInfo?.email)") so the effect will
redirect/restart login correctly even when username is missing; locate the check
using the identifiers isAuthenticated, userInfo and isOAuthCallback and replace
the username-specific test with a presence check on the profile or a stable
claim like sub/email.
In `@console/workspaces/libs/auth/src/asgardio/hooks/authHooks.ts`:
- Around line 75-78: The exported hook mapping assigns getToken: getAccessToken
and trySignInSilently: signInSilently but those can be undefined when
useAsgardeo() returns an empty object; add safe fallbacks by wrapping or
replacing getAccessToken and signInSilently with functions that return a
rejected Promise (or a resolved default) so getToken() and trySignInSilently()
always exist; update the mapping in authHooks.ts to reference these fallback
functions (e.g., safeGetAccessToken and safeSignInSilently) so callers of
getToken and trySignInSilently won't hit TypeError.
- Around line 42-45: Remove the nullish coalescing fallback on useAsgardeo so
the hook can throw when the AsgardeoProvider is missing: replace the
destructuring that does "} = useAsgardeo() ?? {}" with a direct call "} =
useAsgardeo()" so variables like isSignedIn, isLoading, and isInitialized come
from the hook directly and provider-misconfiguration errors surface as intended.
- Around line 59-68: In handleLogout, remove the manual redirect inside the try
block: call await signOut?.() and do not call
window.location.assign(fallbackUrl) because signOut (from `@asgardeo/react`)
handles redirect to authConfig.afterSignOutUrl automatically; keep the catch
block which still assigns "/login" on error and leave the dependency array
[signOut, authConfig] as is.
---
Outside diff comments:
In `@console/workspaces/libs/api-client/src/hooks/react-query-notifications.ts`:
- Around line 147-150: The early-return guards skip running
handleAuthAndExpectedErrors(...) which prevents auth/session handling (e.g.,
logout) on 401s; move the call to handleAuthAndExpectedErrors to execute before
any UI-notification short-circuits (i.e., before the isAuthenticated check in
the query path where lastErrorMessageRef.current is set, and before the
showError/isAuthenticated short-circuits in the mutation path), and only then
apply UI notification logic and reset lastErrorMessageRef.current as needed;
ensure calls reference the existing handleAuthAndExpectedErrors function and
preserve current arguments so logout() and auth-client flows run even when UI
notifications are suppressed.
In `@console/workspaces/libs/api-client/src/utils/utils.ts`:
- Around line 42-47: Remove the stale docblock describing token refresh behavior
from utils.ts (the comment block above the http* helper implementations such as
httpGet/httpPost/httpFetch helpers) because those helpers no longer perform
token refresh and now just throw on non-OK responses; delete the entire orphaned
comment lines 42–46 so the documentation matches the current implementation.
---
Nitpick comments:
In `@console/apps/webapp/public/config.js`:
- Line 37: The line setting disableAuth uses a self-comparison ('true' ===
'true') which is always true; replace it so intent is clear: either set
disableAuth to the boolean true directly or restore the substitution placeholder
pattern (e.g., use the template token like '%%DISABLE_AUTH%%' === 'true') so the
value can be overridden by build/dev tooling; update the disableAuth assignment
accordingly in this file (symbol: disableAuth).
In `@console/workspaces/libs/auth/src/asgardio/AuthProvider.tsx`:
- Line 31: The code is silencing type-checking by casting authConfig to
AsgardeoProviderProps when rendering <AsgardeoProvider {...(authConfig as
AsgardeoProviderProps)}>; instead, stop using the cast and ensure authConfig is
correctly typed at its source (e.g., the globalConfig.authConfig declaration) or
build an explicit AsgardeoProviderProps object here by mapping required fields
(clientID, baseUrl, etc.) from authConfig into a new object and pass that to
AsgardeoProvider so missing/renamed fields are caught at compile time.
In `@deployments/helm-charts/wso2-agent-manager/values.yaml`:
- Around line 253-255: Add support for sourcing the OAuth client secret from a
Kubernetes Secret instead of embedding it in values.yaml: introduce an optional
values key (e.g., existingSecret or clientSecretSecret) and update the template
that renders clientSecret (the place that currently uses .Values.clientSecret)
to conditionally read the secret value from the referenced Secret (via lookup or
secretKeyRef) when existingSecret is provided and fall back to the empty/plain
value otherwise; ensure the symbols to change include clientSecret in
values.yaml and the template that builds configmap.yaml or deployment env/volume
where clientSecret is used.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 13b73962-74e8-448a-912f-f67cf0f85313
⛔ Files ignored due to path filters (1)
console/common/config/rush/pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (19)
console/apps/webapp/package.jsonconsole/apps/webapp/public/config.jsconsole/apps/webapp/public/config.template.jsconsole/apps/webapp/src/Layouts/userMenuItems.tsxconsole/apps/webapp/src/pages/Login/Login.tsxconsole/env.exampleconsole/workspaces/libs/api-client/package.jsonconsole/workspaces/libs/api-client/src/hooks/react-query-notifications.tsconsole/workspaces/libs/api-client/src/hooks/traces.tsconsole/workspaces/libs/api-client/src/utils/utils.tsconsole/workspaces/libs/auth/package.jsonconsole/workspaces/libs/auth/src/asgardio/AuthProvider.tsxconsole/workspaces/libs/auth/src/asgardio/hooks/authHooks.tsconsole/workspaces/libs/auth/src/index.tsconsole/workspaces/libs/auth/src/no-auth/hooks/authHooks.tsconsole/workspaces/libs/types/package.jsonconsole/workspaces/libs/types/src/config/index.tsdeployments/helm-charts/wso2-agent-manager/templates/console/configmap.yamldeployments/helm-charts/wso2-agent-manager/values.yaml
💤 Files with no reviewable changes (1)
- console/workspaces/libs/auth/src/no-auth/hooks/authHooks.ts
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (2)
console/workspaces/libs/auth/src/asgardio/hooks/authHooks.ts (2)
59-63:⚠️ Potential issue | 🟠 MajorAvoid manual redirect immediately after
signOut().Line 63 can cause a second redirect after the SDK-managed logout redirect, producing flaky navigation. Keep
/loginassignment only in the error path.Suggested change
const handleLogout = useCallback(async () => { try { - await signOut?.(); - const fallbackUrl = authConfig?.afterSignOutUrl || "/login"; - window.location.assign(fallbackUrl); + await signOut(); } catch (error) { window.location.assign("/login"); console.error("Error during signOut:", error); } - }, [signOut, authConfig]); + }, [signOut]);🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@console/workspaces/libs/auth/src/asgardio/hooks/authHooks.ts` around lines 59 - 63, handleLogout currently forces window.location.assign(fallbackUrl) unconditionally after awaiting signOut, which can clash with the SDK's own logout redirect; change it so the fallback redirect only runs when signOut is not provided or when signOut throws. Update the handleLogout function to: (1) check if signOut is falsy and immediately assign authConfig?.afterSignOutUrl || "/login", and (2) keep the existing try/catch and in the catch block call window.location.assign(authConfig?.afterSignOutUrl || "/login") to handle error/fallback cases; remove the unconditional window.location.assign inside the successful try path. Ensure references: handleLogout, signOut, authConfig?.afterSignOutUrl, and window.location.assign.
45-45:⚠️ Potential issue | 🟠 MajorRemove the
useAsgardeo() ?? {}fallback; it weakens the hook contract.Line 45 hides provider misconfiguration and forces optional auth methods, which leaks into Line 75 and Line 78 where
AuthHooksexpects always-callable functions. UseuseAsgardeo()directly and return guaranteed functions.Suggested change
- } = useAsgardeo() ?? {}; + } = useAsgardeo(); const customLogin = () => { - void signIn?.(); + void signIn(); }; ... - getToken: getAccessToken, + getToken: getAccessToken, ... - trySignInSilently: signInSilently, + trySignInSilently: signInSilently,Also applies to: 56-57, 75-79
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@console/workspaces/libs/auth/src/asgardio/hooks/authHooks.ts` at line 45, Remove the "?? {}" fallback and call useAsgardeo() directly (e.g., const asgardeo = useAsgardeo()), then either throw or assert if asgardeo is undefined so provider misconfiguration surfaces; destructure the required auth methods from that non-null asgardeo and ensure AuthHooks always returns callable functions (wrap or rethrow rather than returning undefined) so consumers of AuthHooks can rely on guaranteed functions.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@console/apps/webapp/public/config.js`:
- Line 37: The disableAuth property currently uses a self-comparison ('true' ===
'true') which is always true and triggers lint/suspicious/noSelfCompare; replace
that expression with the boolean literal true for disableAuth in config.js
(ensure the value is the boolean true, not the string "true" or an expression).
- Line 35: The config currently sets persistent token storage via the setting
"storage: 'localStorage'"; change this to "sessionStorage" to limit tokens to
the browser session (tab close clears them), or switch to the more secure
"webWorker" option for production to offload token handling to a worker. Update
the storage property in the exported config object (where "storage:
'localStorage'" appears) and verify the Asgardeo SDK is initialized with the new
value.
---
Duplicate comments:
In `@console/workspaces/libs/auth/src/asgardio/hooks/authHooks.ts`:
- Around line 59-63: handleLogout currently forces
window.location.assign(fallbackUrl) unconditionally after awaiting signOut,
which can clash with the SDK's own logout redirect; change it so the fallback
redirect only runs when signOut is not provided or when signOut throws. Update
the handleLogout function to: (1) check if signOut is falsy and immediately
assign authConfig?.afterSignOutUrl || "/login", and (2) keep the existing
try/catch and in the catch block call
window.location.assign(authConfig?.afterSignOutUrl || "/login") to handle
error/fallback cases; remove the unconditional window.location.assign inside the
successful try path. Ensure references: handleLogout, signOut,
authConfig?.afterSignOutUrl, and window.location.assign.
- Line 45: Remove the "?? {}" fallback and call useAsgardeo() directly (e.g.,
const asgardeo = useAsgardeo()), then either throw or assert if asgardeo is
undefined so provider misconfiguration surfaces; destructure the required auth
methods from that non-null asgardeo and ensure AuthHooks always returns callable
functions (wrap or rethrow rather than returning undefined) so consumers of
AuthHooks can rely on guaranteed functions.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 28cc3610-babc-422e-a8f1-6ebc62d75c75
⛔ Files ignored due to path filters (1)
console/common/config/rush/pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (19)
console/apps/webapp/package.jsonconsole/apps/webapp/public/config.jsconsole/apps/webapp/public/config.template.jsconsole/apps/webapp/src/Layouts/userMenuItems.tsxconsole/apps/webapp/src/pages/Login/Login.tsxconsole/env.exampleconsole/workspaces/libs/api-client/package.jsonconsole/workspaces/libs/api-client/src/hooks/react-query-notifications.tsconsole/workspaces/libs/api-client/src/hooks/traces.tsconsole/workspaces/libs/api-client/src/utils/utils.tsconsole/workspaces/libs/auth/package.jsonconsole/workspaces/libs/auth/src/asgardio/AuthProvider.tsxconsole/workspaces/libs/auth/src/asgardio/hooks/authHooks.tsconsole/workspaces/libs/auth/src/index.tsconsole/workspaces/libs/auth/src/no-auth/hooks/authHooks.tsconsole/workspaces/libs/types/package.jsonconsole/workspaces/libs/types/src/config/index.tsdeployments/helm-charts/wso2-agent-manager/templates/console/configmap.yamldeployments/helm-charts/wso2-agent-manager/values.yaml
💤 Files with no reviewable changes (1)
- console/workspaces/libs/auth/src/no-auth/hooks/authHooks.ts
✅ Files skipped from review due to trivial changes (9)
- console/workspaces/libs/api-client/src/hooks/traces.ts
- console/workspaces/libs/auth/package.json
- console/apps/webapp/package.json
- console/workspaces/libs/types/package.json
- console/apps/webapp/src/pages/Login/Login.tsx
- console/workspaces/libs/api-client/package.json
- deployments/helm-charts/wso2-agent-manager/templates/console/configmap.yaml
- console/apps/webapp/src/Layouts/userMenuItems.tsx
- console/env.example
🚧 Files skipped from review as they are similar to previous changes (7)
- console/workspaces/libs/api-client/src/utils/utils.ts
- deployments/helm-charts/wso2-agent-manager/values.yaml
- console/workspaces/libs/types/src/config/index.ts
- console/workspaces/libs/auth/src/index.ts
- console/workspaces/libs/auth/src/asgardio/AuthProvider.tsx
- console/workspaces/libs/api-client/src/hooks/react-query-notifications.ts
- console/apps/webapp/public/config.template.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
Fix: #599
Fix: #572
This pull request introduces a major update to authentication across the Agent Management Console, migrating from
@asgardeo/auth-reactto the new@asgardeo/reactpackage and refactoring configuration, environment variables, and authentication hooks accordingly. It also improves error handling for authentication/session failures, updates runtime configuration to support the new auth flow, and cleans up legacy token refresh logic.Authentication migration and configuration refactor:
@asgardeo/auth-reactto@asgardeo/reactin all relevant packages, updating dependencies and imports to use the new package. (console/apps/webapp/package.json[1]console/workspaces/libs/api-client/package.json[2] [3]console/workspaces/libs/auth/package.json[4]console/workspaces/libs/auth/src/asgardio/AuthProvider.tsx[5]console/workspaces/libs/auth/src/asgardio/hooks/authHooks.ts[6]config.jsandconfig.template.jsto use new property names (clientId,afterSignInUrl,afterSignOutUrl,scopes,platform,tokenValidation, etc.), and updated environment variable usage to match. (console/apps/webapp/public/config.js[1]console/apps/webapp/public/config.template.js[2]console/env.example[3]config.js.Authentication hooks and logic improvements:
useAuthHooksto use the new@asgardeo/reacthooks (useAsgardeo,useUser), simplifying state management, removing the legacy refresh token logic, and updating the logout flow to use the new config properties. (console/workspaces/libs/auth/src/asgardio/hooks/authHooks.tsconsole/workspaces/libs/auth/src/asgardio/hooks/authHooks.tsL19-R78)AuthProviderto useAsgardeoProviderinstead of the old provider and removed the custom token refresh setup. (console/workspaces/libs/auth/src/asgardio/AuthProvider.tsxconsole/workspaces/libs/auth/src/asgardio/AuthProvider.tsxL19-L52)Error handling and notification improvements:
logoutmethod fromuseAuthHooks. (console/workspaces/libs/api-client/src/hooks/react-query-notifications.ts[1] [2] [3] [4] [5] [6]Configuration and environment variable cleanup:
AUTH_CLIENT_SECRET,AUTH_SCOPES,VALIDATE_ID_TOKEN, andCLOCK_TOLERANCE. (console/env.example[1]console/apps/webapp/public/config.template.js[2]afterSignOutUrlin user menu, login redirect logic). (console/apps/webapp/src/Layouts/userMenuItems.tsx[1]console/apps/webapp/src/pages/Login/Login.tsx[2]Legacy code and minor cleanups:
console/workspaces/libs/api-client/src/utils/utils.ts[1] [2] [3] [4]console/workspaces/libs/api-client/package.json[1]console/workspaces/libs/api-client/src/hooks/react-query-notifications.ts[2]console/workspaces/libs/api-client/src/hooks/traces.ts[3]These changes collectively modernize authentication, improve error handling, and streamline configuration for future development.
Goals
Approach
User stories
Release note
Documentation
Training
Certification
Marketing
Automation tests
Security checks
Samples
Related PRs
Migrations (if applicable)
Test environment
Learning
Summary by CodeRabbit
New Features
Bug Fixes
Refactor