Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SDK] Authentication arguments inconsistency #22193

Open
Sandros94 opened this issue Apr 14, 2024 · 1 comment
Open

[SDK] Authentication arguments inconsistency #22193

Sandros94 opened this issue Apr 14, 2024 · 1 comment
Labels
🍰 Improvement 📁 Documentation 📁 SDK

Comments

@Sandros94
Copy link

Sandros94 commented Apr 14, 2024
edited by br41nslug

Describe the Bug

Currently the Authentication via SDK has some inconsistencies. To be more precise the issue is with both operation arguments as well as defaults used for each one (for now I can confirm with rest, but also auth isn't clear):

Description

I'll separate the Rest description form the Auth questions

Rest

login:

Code defaults to cookie (as it should)

directus/sdk/src/rest/commands/auth/login.ts

Line 24 in 75c03bd

data['mode'] = options.mode ?? 'cookie';

While docs say json

Screenshot

logout and refresh

Both correctly defaults to cookie, no docs info (assuming json as login), but also the order of the arguments is inconsistent.
Which comes first, the chicken or the egg?
Also the body: JSON.stringify(....) is inconsistent, causing potential developer error in making the refresh work, but not the logout (and vice versa).

directus/sdk/src/rest/commands/auth/logout.ts

Lines 12 to 18 in 75c03bd

export const logout =
<Schema extends object>(refresh_token?: string, mode: AuthenticationMode = 'cookie'): RestCommand<void, Schema> =>
() => ({
path: '/auth/logout',
method: 'POST',
body: JSON.stringify(refresh_token ? { refresh_token, mode } : { mode }),
});

directus/sdk/src/rest/commands/auth/refresh.ts

Lines 12 to 21 in 75c03bd

export const refresh =
<Schema extends object>(
mode: AuthenticationMode = 'cookie',
refresh_token?: string,
): RestCommand<AuthenticationData, Schema> =>
() => ({
path: '/auth/refresh',
method: 'POST',
body: JSON.stringify(mode === 'json' ? { refresh_token, mode } : { mode }),
});

Auth

login's mode vs logout and refresh

In the auth's login the mode can be manually overwritten, but what would be the advantage if it cannot be also overwritten for logout and refresh? Wouldn't this cause inability for neither refreshing nor invalidating user's sessions if the developer erroneously edited the mode during login?

To Reproduce

These issues were original discussed inside the nuxt-directus#254 issue. But only now confirmed as I finally have noticed my error in the order of arguments for refresh and logout, and documentation declaring a different default.

Directus Version

v10.10.5

Hosting Strategy

Self-Hosted (Docker Image)
@br41nslug
Copy link
Member

Some good points of inconsistencies that have cropped up over time. A small disclaimer the linked docs pages under "API reference" were written for the API not the SDK and while they have a lot of overlap if there are conflicting defaults we have no good place to document that currently.

image
The default being cookie in the SDK is actually the error here as it is correctly documented to be json for the API but a different decision was made for the SDK early on which requires a breaking change to fix and misses a place to properly document that beyond the auto-generated reference in the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🍰 Improvement 📁 Documentation 📁 SDK
Projects
Software Roadmap
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@br41nslug @Sandros94