Site Home
Changelog
LoginTry for Free
Back to All
improved

SDK Auto-Configuration for Express!

4 days ago by Jim Verducci

πŸ“£ Express Auth SDK 4.1.0 Release πŸŽ‰

There were several enhancements to the Express Auth SDK with this release. Please refer to the GitHub README for updated documentation and details.

Below is a summary of all changes:

  • The all new SDK auto-configuration functionality is now available for the Express Auth SDK. It supports both lazy and eager auto-configuration. Auto-configuration is enabled by default and will fetch missing configuration values from the Wristband SDK Configuration Endpoint when any auth method is first called. Manual configuration values take precedence over auto-configured values. Set autoConfigureEnabled: false in the AuthConfig to disable.
  • The async discoverWristbandAuth() function can be used to eager-load SDK configurations from the Wristband SDK Configuration Endpoint on server startup.
  • The AuthConfig class can now take an optional tokenExpirationBuffer configuration. This buffer time (in seconds) gets subtracted from the access token’s expiration time. This causes the token to be treated as expired before its actual expiration, helping to avoid token expiration during API calls. The default value is 60 seconds if not explicitly configured.
  • The CallbackData and TokenData types now return an expiresAt field. This is the absolute expiration time of the access token in milliseconds since the Unix epoch. The tokenExpirationBuffer configuration is accounted for in this value. Developers no longer need to calculate this value in their own app code.
  • The loginStateSecret config is no longer required. If not provided, it will default to using the client secret. For enhanced security, it is recommended to provide a value that is unique from the client secret. You can run openssl rand -base64 32 to create a secret from your CLI.
  • The LoginConfig class for the login() function now supports a returnUrl field. If a value is provided, then it takes precedence over the existing return_url request query parameter. This new login config provides the same functionality as the existing query parameter approach.
  • The LogoutConfig class for the logout() function now supports a state field. This is an optional value that allows you to preserve application state through the logout flow when redirecting to the Wristband Logout Endpoint. If provided, it will be appended as a query parameter to the resolved logout URL. Maximum length of 512 characters. This is useful for tracking logout context, displaying post-logout messages, or handling different logout scenarios.