Skip to content

Commit b2be3a8

Browse files
CodeSchwertCodeSchwert
committed
update token expiry check with 30 sec leeway
1 parent 4b71080 commit b2be3a8

2 files changed

Lines changed: 18 additions & 5 deletions

File tree

packages/passport/sdk/src/authManager.ts

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ import { getDetail, Detail } from '@imtbl/metrics';
1313
import localForage from 'localforage';
1414
import DeviceCredentialsManager from './storage/device_credentials_manager';
1515
import logger from './utils/logger';
16-
import { isTokenExpired } from './utils/token';
16+
import { isAccessTokenExpiredOrExpiring } from './utils/token';
1717
import { PassportError, PassportErrorType, withPassportError } from './errors/passportError';
1818
import {
1919
PassportMetadata,
@@ -70,7 +70,7 @@ const getAuthConfiguration = (config: PassportConfiguration): UserManagerSetting
7070
end_session_endpoint: endSessionEndpoint.toString(),
7171
revocation_endpoint: `${authenticationDomain}/oauth/revoke`,
7272
},
73-
mergeClaimsStrategy: { array: 'merge' },
73+
// mergeClaimsStrategy: { array: 'merge' },
7474
automaticSilentRenew: false, // Disabled until https://github.com/authts/oidc-client-ts/issues/430 has been resolved
7575
scope: oidcConfiguration.scope,
7676
userStore,
@@ -458,13 +458,15 @@ export default class AuthManager {
458458
const oidcUser = await this.userManager.getUser();
459459
if (!oidcUser) return null;
460460

461-
if (!isTokenExpired(oidcUser)) {
461+
// if the token is not expired or expiring in 30 seconds or less, return the user
462+
if (!isAccessTokenExpiredOrExpiring(oidcUser)) {
462463
const user = AuthManager.mapOidcUserToDomainModel(oidcUser);
463464
if (user && typeAssertion(user)) {
464465
return user;
465466
}
466467
}
467468

469+
// if the token is expired or expiring in 30 seconds or less, refresh the token
468470
if (oidcUser.refresh_token) {
469471
const user = await this.refreshTokenAndUpdatePromise();
470472
if (user && typeAssertion(user)) {

packages/passport/sdk/src/utils/token.ts

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,10 +14,21 @@ export function isIdTokenExpired(idToken: string | undefined): boolean {
1414
return decodedToken.exp < now;
1515
}
1616

17-
export function isTokenExpired(oidcUser: OidcUser): boolean {
18-
const { id_token: idToken, expired } = oidcUser;
17+
export function isAccessTokenExpiredOrExpiring(oidcUser: OidcUser): boolean {
18+
const { id_token: idToken, expired, expires_in } = oidcUser;
1919
if (expired) {
2020
return true;
2121
}
22+
23+
// if token will expire in 30 seconds or less, return true
24+
if (expires_in && expires_in <= 30) {
25+
return true;
26+
}
27+
28+
// Handle missing idToken - assume they need to login again
29+
if (!idToken) {
30+
return true;
31+
}
32+
2233
return isIdTokenExpired(idToken);
2334
}

0 commit comments

Comments
 (0)