Refactor authentication handling and improve error management

- Updated ClassApp to handle errors without logging the error object.
- Enhanced Auth0Provider tests to simulate loading states and credential retrieval.
- Implemented unimplemented methods in NativeWebAuthProvider to throw AuthError.
- Refactored WebAuth0Client to use a singleton pattern for Auth0Client instance.
- Improved WebWebAuthProvider to handle redirect callbacks and errors more gracefully.
- Added comprehensive tests for WebAuth0Client and WebCredentialsManager to ensure correct behavior.
- Created tests for UnimplementedWebAuthenticationProvider to validate error handling.
- Added tests for WebCredentialsManager to verify credential management functionality.

Author: subhankarmaiti

example/src/App.web.tsx

@@ -209,7 +209,7 @@ class ClassApp extends React.Component<{}, ClassAppState> {
         token: credentials.accessToken,
       });
       this.setState({ user, result: credentials, isLoading: false });
-    } catch (e) {
+    } catch {
       this.setState({ user: null, isLoading: false });
     }
   };

src/hooks/__tests__/Auth0Provider.spec.tsx

@@ -87,6 +87,7 @@ const createMockClient = () => {
       authorize: jest.fn().mockResolvedValue(mockCredentials),
       clearSession: jest.fn().mockResolvedValue(undefined),
       cancelWebAuth: jest.fn().mockResolvedValue(undefined),
+      handleRedirectCallback: jest.fn().mockResolvedValue(undefined),
     },
     credentialsManager: {
       hasValidCredentials: jest.fn().mockResolvedValue(false),
@@ -112,6 +113,7 @@ const createMockClient = () => {
       refreshToken: jest.fn(),
       revoke: jest.fn(),
       userInfo: jest.fn(),
+      passwordRealm: jest.fn(),
     },
     users: jest.fn(),
   };
@@ -185,21 +187,45 @@ describe('Auth0Provider', () => {
     MockAuth0User.fromIdToken.mockReturnValue(mockUser as any);
   });
 
-  it('should render a loading state initially', () => {
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
+  it('should render a loading state initially', async () => {
+    // Make getCredentials return a promise that we can control
+    let resolveCredentials: (value: any) => void;
+    const credentialsPromise = new Promise((resolve) => {
+      resolveCredentials = resolve;
+    });
+    mockClientInstance.credentialsManager.getCredentials.mockReturnValue(
+      credentialsPromise
     );
+
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
+    // Should show loading state initially
     expect(screen.getByTestId('loading')).toBeDefined();
+
+    // Resolve the credentials promise
+    await act(async () => {
+      resolveCredentials!(null);
+    });
+
+    // Now it should show the "not logged in" state
+    await waitFor(() => expect(screen.queryByTestId('loading')).toBeNull());
   });
 
   it('should initialize with no user if no valid credentials exist', async () => {
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
-    );
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
     await waitFor(() => expect(screen.queryByTestId('loading')).toBeNull());
     expect(
       mockClientInstance.credentialsManager.getCredentials
@@ -216,11 +242,13 @@ describe('Auth0Provider', () => {
       expiresAt: Date.now() / 1000 + 3600,
     } as any);
 
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
-    );
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
 
     await waitFor(() => {
       expect(screen.getByTestId('user-status')).toHaveTextContent(
@@ -232,11 +260,14 @@ describe('Auth0Provider', () => {
   });
 
   it('should update the state correctly after a successful authorize call', async () => {
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
-    );
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
     await waitFor(() =>
       expect(screen.getByTestId('user-status')).toHaveTextContent(
         'Not logged in'
@@ -268,11 +299,14 @@ describe('Auth0Provider', () => {
       expiresAt: Date.now() / 1000 + 3600,
     } as any);
 
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
-    );
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
     await waitFor(() =>
       expect(screen.getByTestId('user-status')).toHaveTextContent(
         'Logged in as: Test User'
@@ -302,11 +336,14 @@ describe('Auth0Provider', () => {
     };
     mockClientInstance.webAuth.authorize.mockRejectedValueOnce(loginError);
 
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
-    );
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
     await waitFor(() =>
       expect(screen.getByTestId('user-status')).toHaveTextContent(
         'Not logged in'
@@ -334,11 +371,14 @@ describe('Auth0Provider', () => {
   });
 
   it('should call createUser but not change the login state', async () => {
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
-    );
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
     await waitFor(() =>
       expect(screen.getByTestId('user-status')).toHaveTextContent(
         'Not logged in'
@@ -358,11 +398,14 @@ describe('Auth0Provider', () => {
   });
 
   it('should call resetPassword and not change the login state', async () => {
-    render(
-      <Auth0Provider domain="test.com" clientId="123">
-        <TestConsumer />
-      </Auth0Provider>
-    );
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
     await waitFor(() =>
       expect(screen.getByTestId('user-status')).toHaveTextContent(
         'Not logged in'

src/platforms/native/adapters/NativeWebAuthProvider.ts

@@ -11,6 +11,9 @@ import type {
 } from '../../../types/platform-specific';
 import type { INativeBridge } from '../bridge';
 import { finalizeScope } from '../../../core/utils';
+import { AuthError } from '../../../core/models';
+
+const webAuthNotSupported = 'This Method is only available in web platform.';
 
 /**
  * A native platform-specific implementation of the IWebAuthProvider.
@@ -21,6 +24,9 @@ export class NativeWebAuthProvider implements IWebAuthProvider {
     private bridge: INativeBridge,
     private domain: string
   ) {}
+  handleRedirectCallback(): Promise<void> {
+    throw new AuthError('NotImplemented', webAuthNotSupported);
+  }
 
   async authorize(
     parameters: WebAuthorizeParameters = {},

src/platforms/web/adapters/WebAuth0Client.ts

@@ -14,34 +14,40 @@ import {
 import { HttpClient } from '../../../core/services/HttpClient';
 import { AuthError } from '../../../core/models';
 
-let spaClient: Auth0Client | null = null;
-let redirectHandled = false;
-
-/**
- * Factory function to get a singleton instance of Auth0Client.
- * This ensures that the client is only created once and reused.
- *
- * @param options - The Auth0ClientOptions to configure the client.
- * @returns An instance of Auth0Client.
- */
-const getSpaClient = (options: Auth0ClientOptions): Auth0Client => {
-  if (spaClient) {
-    return spaClient;
-  }
-  spaClient = new Auth0Client(options);
-  return spaClient;
-};
-
 export class WebAuth0Client implements IAuth0Client {
   readonly webAuth: WebWebAuthProvider;
   readonly credentialsManager: WebCredentialsManager;
   readonly auth: AuthenticationOrchestrator;
 
   private readonly httpClient: HttpClient;
   public readonly client: Auth0Client;
+  private static spaClient: Auth0Client | null = null;
 
   private logoutInProgress = false;
 
+  /**
+   * Factory method to get a singleton instance of Auth0Client.
+   * This ensures that the client is only created once and reused.
+   *
+   * @param options - The Auth0ClientOptions to configure the client.
+   * @returns An instance of Auth0Client.
+   */
+  private static getSpaClient(options: Auth0ClientOptions): Auth0Client {
+    if (WebAuth0Client.spaClient) {
+      return WebAuth0Client.spaClient;
+    }
+    WebAuth0Client.spaClient = new Auth0Client(options);
+    return WebAuth0Client.spaClient;
+  }
+
+  /**
+   * Reset the singleton instance. Used for testing purposes.
+   * @internal
+   */
+  public static resetSpaClientSingleton(): void {
+    WebAuth0Client.spaClient = null;
+  }
+
   constructor(options: WebAuth0Options) {
     const baseUrl = `https://${options.domain}`;
 
@@ -69,7 +75,7 @@ export class WebAuth0Client implements IAuth0Client {
     };
 
     // Use the singleton factory to get the spa-js client instance.
-    const client = getSpaClient(clientOptions);
+    const client = WebAuth0Client.getSpaClient(clientOptions);
     this.client = client;
 
     this.webAuth = new WebWebAuthProvider(this.client);

src/platforms/web/adapters/WebWebAuthProvider.ts

@@ -31,9 +31,9 @@ export class WebWebAuthProvider implements IWebAuthProvider {
     return new Promise(() => {});
   }
 
-  async handleRedirectCallback(url?: string): Promise<RedirectLoginResult> {
+  async handleRedirectCallback(url?: string): Promise<void> {
     try {
-      return await this.client.handleRedirectCallback(url);
+      await this.client.handleRedirectCallback(url);
     } catch (e: any) {
       throw new AuthError(
         e.error ?? 'RedirectCallbackError',