feat: onAuthExpired callback

[aarongranick-okta]

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Adding Tests
• Build related changes
• CI related changes
• Documentation changes
• Other... Please describe:

What is the current behavior?

onAuthRequired will be called whenever authState.isAuthenticated switches to false. The default behavior is to call signinWithRedirect() This causes an (unwanted) redirect after tokens are removed or session expires.

Issue Number: OKTA-394440

What is the new behavior?

onAuthRequired will be called ONCE for a SecureRoute. If authState.isAuthenticated toggles to false later, a new callback named "onAuthExpired" will be called BUT the component will be rendered (this is new behavior). The onAuthExpired option can be passed as a prop to Security or SecureRoute.

Does this PR introduce a breaking change?

• Yes
• No

The secure component's children may be rendered even though oktaAuth.isAuthenticated() returns false. This could break assumptions made by the child component.

Other information

Reviewers

[shuowu]

Looks like we are able to detect if it's triggered by initial load or future authState change, how about feeding an extra state object to the onAuthRequiredFn callback, then devs can code based on that?

onAuthRequired(oktaAuth, options /* probably not the best name */) 

In this way, we make the workaround possible with a minor change. Thoughts?