From 62e6344fa63942062f0a4e2b7426c717862a8bf7 Mon Sep 17 00:00:00 2001
From: Subhankar Maiti <subhankar.maiti@okta.com>
Date: Thu, 28 Aug 2025 11:56:03 +0530
Subject: [PATCH] feat(auth): add saveCredentials method to Auth0Context and
 implement in Auth0Provider

---
 src/hooks/Auth0Context.ts                  |   9 ++
 src/hooks/Auth0Provider.tsx                |  15 +++
 src/hooks/__tests__/Auth0Provider.spec.tsx | 147 +++++++++++++++++++++
 3 files changed, 171 insertions(+)

diff --git a/src/hooks/Auth0Context.ts b/src/hooks/Auth0Context.ts
index 716bc582..edc4f3a0 100644
--- a/src/hooks/Auth0Context.ts
+++ b/src/hooks/Auth0Context.ts
@@ -48,6 +48,14 @@ export interface Auth0ContextInterface extends AuthState {
    */
   clearSession(parameters?: ClearSessionParameters): Promise<void>;
 
+  /**
+   * Saves the user's credentials.
+   * @param credentials The credentials to save.
+   * @returns A promise that resolves when the credentials have been saved.
+   * @throws {AuthError} If the save fails.
+   */
+  saveCredentials(credentials: Credentials): Promise<void>;
+
   /**
    * Retrieves the stored credentials, refreshing them if necessary.
    * @param scope The scopes to request for the new access token (used during refresh).
@@ -208,6 +216,7 @@ const initialContext: Auth0ContextInterface = {
   isLoading: true,
   authorize: stub,
   clearSession: stub,
+  saveCredentials: stub,
   getCredentials: stub,
   clearCredentials: stub,
   hasValidCredentials: stub,
diff --git a/src/hooks/Auth0Provider.tsx b/src/hooks/Auth0Provider.tsx
index 531ab586..1f9755ab 100644
--- a/src/hooks/Auth0Provider.tsx
+++ b/src/hooks/Auth0Provider.tsx
@@ -170,6 +170,19 @@ export const Auth0Provider = ({
     [client]
   );
 
+  const saveCredentials = useCallback(
+    async (credentials: Credentials) => {
+      try {
+        await client.credentialsManager.saveCredentials(credentials);
+      } catch (e) {
+        const error = e as AuthError;
+        dispatch({ type: 'ERROR', error });
+        throw error;
+      }
+    },
+    [client]
+  );
+
   const clearCredentials = useCallback(async (): Promise<void> => {
     try {
       await client.credentialsManager.clearCredentials();
@@ -290,6 +303,7 @@ export const Auth0Provider = ({
       ...state,
       authorize,
       clearSession,
+      saveCredentials,
       getCredentials,
       hasValidCredentials,
       clearCredentials,
@@ -313,6 +327,7 @@ export const Auth0Provider = ({
       state,
       authorize,
       clearSession,
+      saveCredentials,
       getCredentials,
       hasValidCredentials,
       clearCredentials,
diff --git a/src/hooks/__tests__/Auth0Provider.spec.tsx b/src/hooks/__tests__/Auth0Provider.spec.tsx
index 9099a6a0..765622cb 100644
--- a/src/hooks/__tests__/Auth0Provider.spec.tsx
+++ b/src/hooks/__tests__/Auth0Provider.spec.tsx
@@ -468,4 +468,151 @@ describe('Auth0Provider', () => {
       'Not logged in'
     );
   });
+
+  describe('saveCredentials', () => {
+    const TestSaveCredentialsConsumer = () => {
+      const { saveCredentials, error } = useAuth0();
+
+      const handleSaveCredentials = () => {
+        const credentials = {
+          idToken: 'id_token_123',
+          accessToken: 'access_token_456',
+          tokenType: 'Bearer' as const,
+          expiresAt: Date.now() / 1000 + 3600,
+          scope: 'openid profile email',
+          refreshToken: 'refresh_token_789',
+        };
+        saveCredentials(credentials).catch(() => {});
+      };
+
+      if (error) {
+        return <Text testID="error">Error: {error.message}</Text>;
+      }
+
+      return (
+        <View>
+          <Button
+            title="Save Credentials"
+            onPress={handleSaveCredentials}
+            testID="save-credentials-button"
+          />
+        </View>
+      );
+    };
+
+    it('should save credentials successfully', async () => {
+      mockClientInstance.credentialsManager.saveCredentials.mockResolvedValueOnce(
+        undefined
+      );
+
+      await act(async () => {
+        render(
+          <Auth0Provider domain="test.com" clientId="123">
+            <TestSaveCredentialsConsumer />
+          </Auth0Provider>
+        );
+      });
+
+      const saveButton = screen.getByTestId('save-credentials-button');
+      await act(async () => {
+        fireEvent.click(saveButton);
+      });
+
+      expect(
+        mockClientInstance.credentialsManager.saveCredentials
+      ).toHaveBeenCalledTimes(1);
+      expect(
+        mockClientInstance.credentialsManager.saveCredentials
+      ).toHaveBeenCalledWith({
+        idToken: 'id_token_123',
+        accessToken: 'access_token_456',
+        tokenType: 'Bearer',
+        expiresAt: expect.any(Number),
+        scope: 'openid profile email',
+        refreshToken: 'refresh_token_789',
+      });
+    });
+
+    it('should handle save credentials error and dispatch to state', async () => {
+      const saveError = new Error('Failed to save credentials to Keychain');
+      mockClientInstance.credentialsManager.saveCredentials.mockRejectedValueOnce(
+        saveError
+      );
+
+      await act(async () => {
+        render(
+          <Auth0Provider domain="test.com" clientId="123">
+            <TestSaveCredentialsConsumer />
+          </Auth0Provider>
+        );
+      });
+
+      const saveButton = screen.getByTestId('save-credentials-button');
+      await act(async () => {
+        fireEvent.click(saveButton);
+      });
+
+      await waitFor(() => {
+        expect(screen.getByTestId('error')).toHaveTextContent(
+          'Error: Failed to save credentials to Keychain'
+        );
+      });
+
+      expect(
+        mockClientInstance.credentialsManager.saveCredentials
+      ).toHaveBeenCalledTimes(1);
+    });
+
+    it('should save minimal credentials', async () => {
+      const TestMinimalCredentialsConsumer = () => {
+        const { saveCredentials } = useAuth0();
+
+        const handleSaveMinimalCredentials = () => {
+          const minimalCredentials = {
+            idToken: 'id_token_minimal',
+            accessToken: 'access_token_minimal',
+            tokenType: 'Bearer' as const,
+            expiresAt: Date.now() / 1000 + 1800,
+            scope: 'openid',
+          };
+          saveCredentials(minimalCredentials).catch(() => {});
+        };
+
+        return (
+          <Button
+            title="Save Minimal Credentials"
+            onPress={handleSaveMinimalCredentials}
+            testID="save-minimal-button"
+          />
+        );
+      };
+
+      mockClientInstance.credentialsManager.saveCredentials.mockResolvedValueOnce(
+        undefined
+      );
+
+      await act(async () => {
+        render(
+          <Auth0Provider domain="test.com" clientId="123">
+            <TestMinimalCredentialsConsumer />
+          </Auth0Provider>
+        );
+      });
+
+      const saveButton = screen.getByTestId('save-minimal-button');
+      await act(async () => {
+        fireEvent.click(saveButton);
+      });
+
+      expect(
+        mockClientInstance.credentialsManager.saveCredentials
+      ).toHaveBeenCalledWith({
+        idToken: 'id_token_minimal',
+        accessToken: 'access_token_minimal',
+        tokenType: 'Bearer',
+        expiresAt: expect.any(Number),
+        scope: 'openid',
+      });
+    });
+  });
 });