0.8.1 release: expired connectAccessToken auto-recover#102
Merged
Conversation
Bumps `version` to 0.8.1, the `VERSION` constants in `SDK.tsx` and `sdk-core.tsx` (these get baked into the build outputs and surface in the console banner), and the CDN URL examples in `docs/quickstart.md`, `docs/client-usage.md`, and `sdk-hook/docs/README.md` to `sdk-v-0.8.1.js`. CHANGELOG entry covers the new optional `connectAccessTokenRefreshFn` + `onConnectAccessTokenExpired` init options + the `tpastream-connect-token-expired` window event. README's Version header and highlights section get a 0.8.1 entry above the existing 0.8.0 block. Strictly additive on the wire and at the init() call site; integrations that don't opt into the new hooks see no behavior change.
There was a problem hiding this comment.
Pull request overview
Straightforward 0.8.1 version bump release PR. Bumps version strings in package metadata and bundle constants, updates CDN URL examples in docs from 0.8.0 to 0.8.1, and adds README/CHANGELOG entries describing the new expired-token auto-recover feature from #101 (the behavior change itself is not in this diff).
Changes:
- Version bump to
0.8.1inpackage.json,package-lock.json, and theVERSIONconstants baked into the SDK bundles. - Documentation refresh (README highlights, CHANGELOG entry, CDN URL examples in quickstart/client-usage/sdk-hook README).
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Bump version to 0.8.1. |
| package-lock.json | Bump lockfile version to 0.8.1. |
| assets/sdk/entries/sdk-core.tsx | Update VERSION constant to '0.8.1'. |
| assets/sdk/components/SDK.tsx | Update VERSION constant to '0.8.1'. |
| README.md | Add 0.8.1 entry under ## Version and a 0.8.1 highlights block. |
| CHANGELOG.md | Add 0.8.1 entry describing the expired-token auto-recover feature. |
| docs/quickstart.md | Bump pinned CDN URL example to sdk-v-0.8.1.js. |
| docs/client-usage.md | Bump current pinned CDN URL and list 0.8.0 as previous pinned version. |
| sdk-hook/docs/README.md | Bump CDN URL example to sdk-v-0.8.1.js. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
CHANGELOG re-framed to be honest about what 0.8.1 delivers without customer config (cleaner error message) versus what requires opt-in (transparent auto-recover via `connectAccessTokenRefreshFn`, or "session expired" UI via `onConnectAccessTokenExpired`). README's 0.8.1 header + highlights mirror the same framing. New section in `docs/connect-access-token.md`: "Refreshing an expired token (0.8.1+)" — covers the why (secret key can't be in browser code, so the SDK can't mint tokens on its own), a Flask example endpoint, an Express example, the SDK-side `connectAccessTokenRefreshFn` wiring, and a fallback for hosts that can't add a refresh endpoint (use `onConnectAccessTokenExpired` to prompt the member to reload).
The Flask + Express snippets weren't representative of the actual customer mix — a lot of integrations run on .NET. Adds an ASP.NET Core example using `IHttpClientFactory` + `PostAsJsonAsync` and a brief note that the pattern (authenticated POST proxying to `app.tpastream.com/api/create-connect-token`) is the same in every backend, with PHP/Ruby/Go/Java implied.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release prep for
[email protected].Scope of 0.8.1
The only behavior change relative to 0.8.0 is the expired-token recovery wiring (the auto-recover interceptor shipped in #101). New optional init options:
connectAccessTokenRefreshFn?: () => Promise<string>— transparent refresh + retry on the SDK's sideonConnectAccessTokenExpired?: () => void— fires when no refresh hook is wired or it rejectsAlso dispatches a
tpastream-connect-token-expiredCustomEvent onwindow. Strictly additive — integrations that don't opt in see no behavior change beyond a slightly cleaner server-side error message on expiry.What this PR ships
0.8.1(package.json+package-lock.jsonvianpm version)VERSIONconstants inassets/sdk/components/SDK.tsxandassets/sdk/entries/sdk-core.tsx(these get baked into bundle output; surface in theTPAStream Connect SDK v0.8.1console banner)docs/quickstart.md,docs/client-usage.md, andsdk-hook/docs/README.mdupdated fromsdk-v-0.8.0.jstosdk-v-0.8.1.js## Versionheader + a new### 0.8.1 highlightsblock above the existing 0.8.0 sectionCHANGELOG.md0.8.1 entry — re-framed after self-review to be explicit about what works without customer config (cleaner error message) vs what requires opt-in (transparent recovery)## Refreshing an expired token (0.8.1+)section indocs/connect-access-token.mdcovering:connectAccessTokenRefreshFnwiringonConnectAccessTokenExpiredto prompt a reload)Release blocked on companion verification
The
/sdk-testsandbox is the end-to-end demonstration the docs reference. It needs the newconnectAccessTokenRefreshFnwired against a server-side refresh endpoint before this release is honest about what it delivers. That companion change lives in the stream-side repo and is verified working locally; both need to merge beforenpm publish.Release flow after merge
npm install && npm run buildin master (regeneratessdk.js+sdk-headless.jswithVERSION = '0.8.1'baked in).npm publish(TTY required for the 2FA passkey).sdk-v-0.8.1.js(same pattern as the 0.8.0 bake — package.json versioned alias + webpack entry + thin wrapper JSX).Test plan
tsc,biome check).npm pack --dry-runshows the tarball at0.8.1with the rebuilt bundles.npm view [email protected]resolves and the shasum matches the local pack.