Major Changes
- Implement new
authExchangeAPI, which removes the need for anauthState(i.e. an internal authentication state) and removesgetAuth, replacing it with a separaterefreshAuthflow.
The new API requires you to now pass an initializer function. This function receives autils
object withutils.mutateandutils.appendHeadersutility methods.
It must return the configuration object, wrapped in a promise, and this configuration is similar to
what we had before, if you're migrating to this. ItsrefreshAuthmethod is now only called after
authentication errors occur and not on initialization. Instead, it's now recommended that you write
your initialization logic in-line.Submitted by @kitten (See #3012)authExchange(async utils => { let token = localStorage.getItem('token'); let refreshToken = localStorage.getItem('refreshToken'); return { addAuthToOperation(operation) { return utils.appendHeaders(operation, { Authorization: `Bearer ${token}`, }); }, didAuthError(error) { return error.graphQLErrors.some( e => e.extensions?.code === 'FORBIDDEN' ); }, async refreshAuth() { const result = await utils.mutate(REFRESH, { token }); if (result.data?.refreshLogin) { token = result.data.refreshLogin.token; refreshToken = result.data.refreshLogin.refreshToken; localStorage.setItem('token', token); localStorage.setItem('refreshToken', refreshToken); } }, }; });
Patch Changes
- ⚠️ Fix
willAuthErrornot being called for operations that are waiting on the authentication state to update. This can actually lead to a common issue where operations that came in during the authentication initialization (on startup) will never havewillAuthErrorcalled on them. This can cause an easy mistake where the initial authentication state is never checked to be valid
Submitted by @kitten (See #3017) - Updated dependencies (See #3007, #2962, #3007, #3015, and #3022)
- @urql/core@3.2.0