Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(adapter-nextjs): remove redundant clockDrift cookie #14114

Merged
merged 1 commit into from
Jan 7, 2025
Merged

refactor(adapter-nextjs): remove redundant clockDrift cookie #14114

merged 1 commit into from
Jan 7, 2025

Conversation

HuiSF
Copy link
Member

@HuiSF HuiSF commented Jan 6, 2025

Description of changes

Reasons:

  1. token exachange is happening on a server - and production server rarely has wrong system time
  2. when setting token cookies from server, it uses Max-Age header which is relative to the client system time. Clock drift became irrelevant
  3. surely we can argue sever system time can go wrong too, however, a Next.js app API route can be executed on different servers (load balancing), there is no source of truth to generate a clock drift value

Issue #, if available

Description of how you validated changes

  • unit tests

Checklist

  • PR description included
  • yarn test passes
  • Unit Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

  • Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
  • New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@HuiSF
refactor(adapter-nextjs): remove redundant clockDrift cookie ⤵️
071e56c 
Reasons:
  1. token exachange is happening on a server - and production server rarely has wrong system time
  2. when setting token cookies from server, it uses Max-Age header which is relative to the client system time. Clock drift became irrelevant
  3. surely we can argue sever system time can go wrong too, however, a Next.js app API route can be executed on different servers (load balancing), there is no source of truth to generate a clock drift value
@HuiSF HuiSF force-pushed the hui/feat/server-auth/remove-clock-drift branch from 94110a1 to 071e56c Compare January 7, 2025 00:06
AllanZhengYP
AllanZhengYP approved these changes Jan 7, 2025
View reviewed changes
Copy link
Member

@AllanZhengYP AllanZhengYP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I makes sense to me that we don't record clock drifts on SSR but still conform to it if it's otherwise from client-side.

@HuiSF HuiSF merged commit 0f3f2c0 into feat/server-auth/main Jan 7, 2025
28 checks passed
@HuiSF HuiSF deleted the hui/feat/server-auth/remove-clock-drift branch January 7, 2025 16:48
HuiSF added a commit that referenced this pull request Jan 9, 2025
@HuiSF
refactor(adapter-nextjs): remove redundant clockDrift cookie (#14114)
0512c23 
refactor(adapter-nextjs): remove redundant clockDrift cookie ⤵️

Reasons:
  1. token exachange is happening on a server - and production server rarely has wrong system time
  2. when setting token cookies from server, it uses Max-Age header which is relative to the client system time. Clock drift became irrelevant
  3. surely we can argue sever system time can go wrong too, however, a Next.js app API route can be executed on different servers (load balancing), there is no source of truth to generate a clock drift value
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AllanZhengYP AllanZhengYP AllanZhengYP approved these changes

@cshfang cshfang cshfang approved these changes

@sktimalsina sktimalsina Awaiting requested review from sktimalsina sktimalsina is a code owner

@pranavosu pranavosu Awaiting requested review from pranavosu pranavosu is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@HuiSF @cshfang @AllanZhengYP