fix: use fresh user data when refreshing sessions#36
Conversation
Previously, refreshSession and updateSession preserved stale user and impersonator data from existing sessions instead of using the fresh data returned by the WorkOS authenticateWithRefreshToken API. This could lead to outdated user information persisting after token refreshes. Now both functions use the current user and impersonator data from the API response, ensuring sessions stay up-to-date with any changes. Fixes #35
There was a problem hiding this comment.
Greptile Summary
This PR fixes a critical bug in the AuthKit React Router library where session refresh operations were using stale user data instead of fresh data from the WorkOS API. The issue affected both refreshSession and updateSession functions in src/session.ts, which were incorrectly preserving user and impersonator data from the existing session rather than utilizing the updated information returned by the WorkOS authenticateWithRefreshToken API call.
The fix involves properly destructuring and using the user and impersonator fields from the API response when creating new session objects. This ensures that any changes to user attributes (like firstName, lastName, or email verification status) or impersonation status are immediately reflected in the refreshed session, maintaining data consistency between the WorkOS backend and the client-side session state.
The changes also include updates to the test mocks in src/session.spec.ts to properly simulate the complete API response structure, including user data, which ensures the tests accurately validate the fix and prevent regression of this issue.
Confidence score: 5/5
- This PR is extremely safe to merge with minimal risk of causing any issues
- Score reflects simple, well-tested bug fix that aligns with expected API behavior and follows established patterns
- No files require special attention as the changes are straightforward and well-validated
2 files reviewed, 1 comment
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Summary
Fixes an issue where
refreshSessionandupdateSessionwere preserving stale user and impersonator data from existing sessions instead of using the fresh data returned by the WorkOSauthenticateWithRefreshTokenAPI.Changes
refreshSessionandupdateSessionto use current user/impersonator data from the API responseTest Plan
Fixes #35