Merge pull request #798 from auth0/jose4

[SDK-3570] Upgrade to Jose@4
auth0 · Sep 7, 2022 · b4e96e5 · b4e96e5
2 parents f8ceb4f + 78f91e1
commit b4e96e5
Show file tree

Hide file tree

Showing 39 changed files with 534 additions and 511 deletions.
diff --git a/V2_MIGRATION_GUIDE.md b/V2_MIGRATION_GUIDE.md
@@ -2,10 +2,37 @@
 
 Guide to migrating from `1.x` to `2.x`
 
+- [`getSession` now returns a `Promise`](#getsession-now-returns-a-promise)
 - [`updateUser` has been added](#updateuser-has-been-added)
 - [`getServerSidePropsWrapper` has been removed](#getserversidepropswrapper-has-been-removed)
 - [Profile API route no longer returns a 401](#profile-api-route-no-longer-returns-a-401)
 
+## `getSession` now returns a `Promise`
+
+### Before
+
+```js
+// /pages/api/my-api
+import { getSession } from '@auth0/nextjs-auth0';
+
+function myApiRoute(req, res) {
+  const session = getSession(req, res);
+  // ...
+}
+```
+
+### After
+
+```js
+// /pages/api/my-api
+import { getSession } from '@auth0/nextjs-auth0';
+
+async function myApiRoute(req, res) {
+  const session = await getSession(req, res);
+  // ...
+}
+```
+
 ## `updateUser` has been added
 
 ### Before
@@ -29,17 +56,17 @@ function myApiRoute(req, res) {
 
 We've introduced a new `updateUser` method which must be explicitly invoked in order to update the session's user.
 
-This will immediately serialise the session and write it to the cookie.
+This will immediately serialise the session, write it to the cookie and return a `Promise`.
 
 ```js
 // /pages/api/update-user
 import { getSession, updateUser } from '@auth0/nextjs-auth0';
 
-function myApiRoute(req, res) {
-  const { user } = getSession(req, res);
+async function myApiRoute(req, res) {
+  const { user } = await getSession(req, res);
   // The session is updated, serialized and the cookie is updated
   // everytime you call `updateUser`.
-  updateUser(req, res, { ...user, foo: 'bar' });
+  await updateUser(req, res, { ...user, foo: 'bar' });
   res.json({ success: true });
 }
 ```
@@ -51,7 +78,7 @@ Because the process of modifying the session is now explicit, you no longer have
 ### Before
 
 ```js
-export const getServerSideProps = getServerSidePropsWrapper(async (ctx) => {
+export const getServerSideProps = getServerSidePropsWrapper((ctx) => {
   const session = getSession(ctx.req, ctx.res);
   if (session) {
     // User is authenticated
@@ -65,7 +92,7 @@ export const getServerSideProps = getServerSidePropsWrapper(async (ctx) => {
 
 ```js
 export const getServerSideProps = async (ctx) => {
-  const session = getSession(ctx.req, ctx.res);
+  const session = await getSession(ctx.req, ctx.res);
   if (session) {
     // User is authenticated
   } else {

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -107,13 +107,12 @@
     "typescript": "^4.1.3"
   },
   "dependencies": {
-    "base64url": "^3.0.1",
+    "@panva/hkdf": "^1.0.2",
     "cookie": "^0.5.0",
     "debug": "^4.3.4",
-    "futoin-hkdf": "^1.5.0",
     "http-errors": "^1.8.1",
     "joi": "^17.6.0",
-    "jose": "^2.0.5",
+    "jose": "^4.9.2",
     "openid-client": "^4.9.1",
     "tslib": "^2.4.0",
     "url-join": "^4.0.1"