feat: add onTokenSync hook for auth token re-sync #1001

Merged
janthurau merged 6 commits into ueberdosis:main from
0xb4lamx:b4lamx/feat/init-token-sync
Oct 20, 2025

@0xb4lamx
Contributor

@0xb4lamx 0xb4lamx commented Oct 2, 2025

Problem

Currently, Hocuspocus only validates user authentication during the initial handshake. If a user's token expires, or permissions change while they have an active connection, they can continue editing documents until they reconnect.

Solution

This PR suggests the first step towards "periodic" reauth (ref: #752) by adding a token synchronization mechanism. The server can now request the current token from any connected provider, enabling validation of user permissions without requiring a full reconnection.

Changes

  • sendToken() - Provider method to send current token to server
  • requestToken() - Server method to request token from provider
  • onTokenSync hook - Server hook triggered when token is received
  • TokenSync message type - New message type for token synchronization

Looking for Feedback

  • any concerns about the flow or hook naming?
  • should we add additional error handling for token validation failures?
    • should onTokenSync hook failures trigger disconnection?
    • what happens if provider doesn't respond to requestToken()?
  • documentation needs to be added for the new onTokenSync hook
  • no built-in periodic validation yet (still could be implemented outside of Hocuspocus context...)

@0xb4lamx 0xb4lamx changed the title feat: add onTokenSync hook for periodic token validation feat: add onTokenSync hook for auth token re-sync Oct 2, 2025
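
One possible policy for the open questions in the PR description above (a failing hook, a provider that never answers `requestToken()`), as an added example that is not part of the PR or of Hocuspocus. `ResyncPolicy`, `verifyToken`, the `user|role|expiryMs` token format and the action names are hypothetical, and real code would verify a signed token instead.

```javascript
// Added example: a model of a re-sync policy, not Hocuspocus code.
// verifyToken() is a constructed stand-in for real signature verification.
function verifyToken(token, now) {
  // Constructed format "user|role|expiryMs" (assumption, for illustration only).
  const [user, role, exp] = String(token).split("|");
  if (!user || !role || !Number.isFinite(Number(exp))) throw new Error("malformed token");
  if (Number(exp) <= now) throw new Error("token expired");
  return { user, role };
}

class ResyncPolicy {
  constructor({ intervalMs, graceMs, verify = verifyToken }) {
    Object.assign(this, { intervalMs, graceMs, verify });
    this.conns = new Map(); // connId -> { validatedAt, requestedAt, role }
  }
  // Called once the initial handshake has authenticated the connection.
  register(id, role, now) {
    this.conns.set(id, { validatedAt: now, requestedAt: null, role });
  }
  // Periodic sweep: returns the actions the server should take at time `now`.
  tick(now) {
    const actions = [];
    for (const [id, c] of this.conns) {
      if (c.requestedAt !== null && now - c.requestedAt > this.graceMs) {
        this.conns.delete(id); // provider never answered: fail closed
        actions.push({ id, action: "close", reason: "no token response" });
      } else if (c.requestedAt === null && now - c.validatedAt >= this.intervalMs) {
        c.requestedAt = now; // the point where a server would request the token
        actions.push({ id, action: "requestToken" });
      }
    }
    return actions;
  }
  // Body of an onTokenSync-style hook: validate the token the provider sent.
  onTokenSync(id, token, now) {
    const c = this.conns.get(id);
    if (!c) return { id, action: "ignore" }; // connection already closed
    try {
      const { role } = this.verify(token, now);
      Object.assign(c, { validatedAt: now, requestedAt: null, role });
      // A changed permission takes effect without a reconnect.
      return { id, action: role === "editor" ? "keep" : "readOnly" };
    } catch (err) {
      this.conns.delete(id); // invalid or expired token: disconnect
      return { id, action: "close", reason: err.message };
    }
  }
}
```

In this model both a rejected token and an unanswered request end in a close, so a connection can outlive its token by at most `intervalMs + graceMs`.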
@janthurau
Contributor

janthurau commented Oct 6, 2025

Thank you for your PR!

Wondering if we need a new message type that the provider sends, or if it can just send the usual Auth message and we handle that in the server? That would probably also solve https://github.com/ueberdosis/hocuspocus/pull/1001/files#diff-2f3921abc2796f1f97fc6ca37bea53ef1a43b7327e68645d7f546653e04e6958R114 then

@janthurau janthurau force-pushed the b4lamx/feat/init-token-sync branch from 3cdb52c to 30140f9 Compare October 6, 2025 11:46
@0xb4lamx
Contributor Author

0xb4lamx commented Oct 6, 2025

> Thank you for your PR!
>
> Wondering if we need a new message type that the provider sends, or if it can just send the usual Auth message and we handle that in the server? That would probably also solve https://github.com/ueberdosis/hocuspocus/pull/1001/files#diff-2f3921abc2796f1f97fc6ca37bea53ef1a43b7327e68645d7f546653e04e6958R114 then

My initial idea was to separate authentication from token sync, since the latter doesn’t always constitute an authentication operation.
I did push a new version which reuses the AuthenticationMessage for token sync as well, wdyt? @janthurau

@0xb4lamx 0xb4lamx force-pushed the b4lamx/feat/init-token-sync branch from 87ac1af to 9772018 Compare October 7, 2025 16:32
@0xb4lamx 0xb4lamx force-pushed the b4lamx/feat/init-token-sync branch from 4fc7c34 to 10b2d47 Compare October 8, 2025 08:55
@0xb4lamx 0xb4lamx requested a review from janthurau October 8, 2025 09:02
@0xb4lamx
Contributor Author

any further thoughts @janthurau? I did push some docs around the new hook.

@0xb4lamx 0xb4lamx force-pushed the b4lamx/feat/init-token-sync branch 3 times, most recently from fa89780 to 4ebfb95 Compare October 16, 2025 15:54
@0xb4lamx 0xb4lamx requested a review from janthurau October 16, 2025 15:54
@0xb4lamx 0xb4lamx force-pushed the b4lamx/feat/init-token-sync branch from 4ebfb95 to 8bb920a Compare October 17, 2025 14:30
@0xb4lamx 0xb4lamx requested a review from janthurau October 17, 2025 15:56
@janthurau janthurau merged commit ee252fb into ueberdosis:main Oct 20, 2025
6 checks passed