Merge pull request #34 from keycloakify/non_jwt_refresh_token
Non jwt refresh token
garronej authored Oct 4, 2024
2 parents 59b8db7 + d0559ce commit c7fbe35
Showing 2 changed files with 17 additions and 5 deletions.
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "oidc-spa",
"version": "5.4.0",
"version": "5.4.1-rc.0",
"description": "Openidconnect client for Single Page Applications",
"repository": {
"type": "git",
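--- a/src/oidc.ts
+++ b/src/oidc.ts
@@ -1258,7 +1258,8 @@ export async function createOidc<
 
 const tokens = oidcClientTsUserToTokens({
 oidcClientTsUser,
-decodedIdTokenSchema
+decodedIdTokenSchema,
+log
 });
 
 if (tokens.refreshTokenExpirationTime < tokens.accessTokenExpirationTime) {
@@ -1448,7 +1449,8 @@ export async function createOidc<
 
 currentTokens = oidcClientTsUserToTokens({
 oidcClientTsUser,
-decodedIdTokenSchema
+decodedIdTokenSchema,
+log
 });
 
 // NOTE: We do that to preserve the cache and the object reference.
@@ -1625,8 +1627,9 @@ export async function createOidc<
 function oidcClientTsUserToTokens<DecodedIdToken extends Record<string, unknown>>(params: {
 oidcClientTsUser: OidcClientTsUser;
 decodedIdTokenSchema?: { parse: (data: unknown) => DecodedIdToken };
+log: ((message: string) => void) | undefined;
 }): Oidc.Tokens<DecodedIdToken> {
-const { oidcClientTsUser, decodedIdTokenSchema } = params;
+const { oidcClientTsUser, decodedIdTokenSchema, log } = params;
 
 const accessToken = oidcClientTsUser.access_token;
 
@@ -1669,7 +1672,16 @@ function oidcClientTsUserToTokens<DecodedIdToken extends Record<string, unknown>
 return expirationTime;
 }
 
-assert(false, "Failed to get refresh token expiration time");
+log?.(
+[
+"Couldn't read the expiration time of the refresh token from the jwt",
+"It's ok. Some OIDC server like Microsoft Entra ID does not use JWT for the refresh token.",
+"Be aware that it prevent you from implementing the auto logout mechanism: https://docs.oidc-spa.dev/documentation/auto-logout",
+"If you need auto logout you'll have to provide use the __unsafe_ssoSessionIdleSeconds param."
+].join("\n")
+);
+
+return Number.POSITIVE_INFINITY;
 })();
 
 const idToken = oidcClientTsUser.id_token;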
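Review bot: The new fallback in the last hunk (old line 1669) fails open. When the refresh token's expiry cannot be read, `refreshTokenExpirationTime` becomes `Number.POSITIVE_INFINITY`, and the only trace is `log?.(...)`, which does nothing when `log` is `undefined`. The message itself says this disables auto logout, so a deployment without debug logging loses its idle-session timeout silently; consider a one-time `console.warn` that does not depend on `log`, and document the sentinel on `Oidc.Tokens`. Consumers of this value outside the hunk should be checked for non-finite numbers: the guard `tokens.refreshTokenExpirationTime < tokens.accessTokenExpirationTime` can no longer fire, and `JSON.stringify` would turn the value into `null`. The enclosing function starts outside the hunk, so it is worth confirming that a malformed JWT does not take the same path as an opaque token. The message text also has two slips, "it prevent you" and "provide use the".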
