Custom auth/alban/react next sample app signin

[albanx]

1. Completed Sign In sample with NextJs
2. [Bug] Created Sign Up but not working due to missing exposure of submitCode in the result.state
3. Removed correlationId from Fetch client because it is present already in the header
4. Removed HTTPS checks in SDK, it is not needed to be handled by JS and blocks local development

[shenj]

IMO, it is better to use following check in the if (xxx).
if (result.state?.type === SignInState.Failed)

[albanx]

If I check state as above this causes a type check error (for the reasons widely discussed in the chat today). This happens because the result.error is ambiguous due to the polymorphic type of result:

[shenj]

I didn't see any problem.

[albanx]

Check SignUp return result not signIn

[shenj]

Here is the signup:

[shenj]

There is no need the type catch here since the SDK is guaranteed no error thrown

[albanx]

there is a await promise resolve there, meaning that the try catch is a must of the promise rejects

[shenj]

Afaik, the promise rejection only occurs if an error is thrown and not caught inside the method. But as I said, any API in this SDK is guaranteed no error thrown.

[albanx]

A JavaScript promise has 2 statuses: resolve, reject.
The compiler or javascript cannot know that the SDK internally handles all errors of that away reject.
Without the try-catch, any error of the promise would cause the function to immediately throw an exception and potentially crash.

[albanx]

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/await#handling_rejected_promises

[shenj]

I didn't get it. If we guarantee the API will never reject the promise or throw an error, is the try catch still necessary?

[albanx]

You can guarantee it, but JavaScript engine cannot know it. No developer can know it, unless the read the source of the SDK itself.
If I read await something -> that means it can throw an exception.

[shenj]

Instead of using any here, It can set as SignInCompleted | SignInFailed | SignInCodeRequired | SignInPasswordRequired.

[albanx]

This points out the point I was making, in terms of S of SOLID.
flowState has many responsibilities and if we update the SDK with a new state, the engineer have to update his integration code, resulting in breaking the backward compatibility exactly because it is breaking the O of open close.

[albanx]

I tried this does not work

[shenj]

Why it doesn't work? Also we can consider using the AuthFlowStateBase since it is better than any.

[shenj]

Similar suggestion: can we use the base class AuthFlowStateBase or SignUpCompleted | SignUpFailed | SignUpCodeRequired | SignUpPasswordRequired | SignUpAttributesRequired to replace any?

[shenj]

Do you think we can move this sample app into the repo Kaushik suggested? I am planning the create the PR to MSAL for JS team soon for checking in the changes into the dev branch. If it is possible, it is better to exclude the sample app in that PR.

[albanx]

Do you think we can move this sample app into the repo Kaushik suggested? I am planning the create the PR to MSAL for JS team soon for checking in the changes into the dev branch. If it is possible, it is better to exclude the sample app in that PR.

Yes I have moved them partially, not the last version. Otherwise I cannot run them in the repo until the package is published.

[shenj]

Maybe I misunderstood, but any reason why you didn't use the handleError function you defined in the utils/index.ts?

[shenj]

As discussed earlier, can you double check whether flowState.submitCode(code) is working?

[albanx]

I have ran the sign in different times, it works, unless there has been some recent updates.

[shenj]

Do you think it is better to use the state base class AuthFlowStateBase to replace any?

[shenj]

Or use SignInCompleted | SignInFailed | SignInCodeRequired | SignInPasswordRequired?

[albanx]

Can be AuthFlowStateBase , the later one I really do not recommend. This is how developer experience will look with the latest:
const [flowState, SetFlowState] = useState< checking docs

I see SignInCompleted , perfect
const [flowState, SetFlowState] = useState<SignInCompleted>(null)

Ahh wait there is more
const [flowState, SetFlowState] = useState<SignInCompleted | SignInFailed>(null)

no wait more types in or

const [flowState, SetFlowState] = useState<SignInCompleted | SignInFailed | SignInCodeRequired >(null)
(how many possible types in OR I should have, I have to check all of them and find out by reading a long boring documentation)

1 month after the SDK releseas version 2.0 ... Ah crap I have to update all my code again

const [flowState, SetFlowState] = useState<SignInCompleted | SignInFailed | SignInCodeRequired | **ANewSignInState** >(null)

if (flowState instanceOf SignInCompleted)
if (flowState instanceOf SignInFailed )
if (flowState instanceOf SignInCodeRequired )
**if (flowState instanceOf ANewSignInState)**

[shenj]

IMHO, the app can be shared cross the whole application for sign-in, sign-up and sspr. Is it possible we can use the single instance of app in this sample app?

[albanx]

There is no point and need to share the same app instance for different flows that are not connected in the lifecycle of an app. Imagine Sign Up , Sign In and SSPR as different flows that are separated in time and usage , as it happens in every app (a user does not go through the all flows in the same app cycle). Making this flows sharing the same instance it kind of tight them together for no reason.

[shenj]

May I ask why we don't have the PasswordForm?

[albanx]

This is SignUp with OTP does not asks for password which I based on the past samples. That is the configuration of the sample tenant. I can add the password field but it will be optional

[microsoft-github-policy-service]

Reminder: This PR appears to be stale. If this PR is still a work in progress please mark as draft.