WIP: refresh token should not be renewed before expiry

bkd-mba-fbi · Oct 29, 2024 · 37e57cc · 37e57cc
1 parent 889b5e7
commit 37e57cc
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 9 deletions.
diff --git a/src/utils/auth.ts b/src/utils/auth.ts
@@ -24,7 +24,7 @@ import {
   getTokenPayload,
   isTokenAlmostExpired,
   isTokenExpired,
-  isValidToken,
+  isValidAccessToken,
 } from "./token";
 import {
   clearTokenRenewalTimers,
@@ -205,7 +205,7 @@ function getAuthorizationEndpoint(): string {
  */
 function updateTokenStateForScope(scope: string, locale: string): void {
   // Try state's "current" token (initialized from sessionStorage)
-  if (isValidToken(tokenState.accessToken, scope, locale)) {
+  if (isValidAccessToken(tokenState.accessToken, scope, locale)) {
     log(
       `Current token for scope "${scope}" and locale "${locale}" already set`,
     );
@@ -214,7 +214,7 @@ function updateTokenStateForScope(scope: string, locale: string): void {
 
   // Try cached access token for scope (from localStorage)
   const cachedAccessToken = getAccessToken(scope);
-  if (isValidToken(cachedAccessToken, scope, locale)) {
+  if (isValidAccessToken(cachedAccessToken, scope, locale)) {
     log(
       `Token for scope "${scope}" and locale "${locale}" cached, set as current`,
     );

diff --git a/src/utils/token-renewal.ts b/src/utils/token-renewal.ts
@@ -7,6 +7,7 @@ import {
   getTokenExpireIn,
   getTokenPayload,
   isTokenAlmostExpired,
+  isTokenExpired,
 } from "./token";
 
 enum TokenType {
@@ -79,7 +80,11 @@ function scheduleExpiration(
 
   if (!token) return;
 
-  const expireIn = getTokenExpireIn(token) - TOKEN_ALMOST_EXPIRY_MS;
+  // Access tokens will fire a before their actual expiry, refresh token when
+  // they actually expire
+  const almostExpiry = type === TokenType.Access ? TOKEN_ALMOST_EXPIRY_MS : 0;
+  const expireIn = getTokenExpireIn(token) - almostExpiry;
+
   // Don't set timer for already expired token since this will be
   // handled by the auth.ts logic and would cause a redirection loop
   if (expireIn > 0) {
@@ -120,7 +125,11 @@ function tokenExpired(
         : getRefreshToken(scope);
     const payload = actualToken ? getTokenPayload(actualToken) : null;
     if (payload) {
-      if (isTokenAlmostExpired(payload)) {
+      const expired =
+        type === TokenType.Access
+          ? isTokenAlmostExpired(payload)
+          : isTokenExpired(payload);
+      if (expired) {
         await onRenew(payload.scope, payload.locale);
       } else {
         log(

diff --git a/src/utils/token.ts b/src/utils/token.ts
@@ -46,11 +46,11 @@ export function getTokenPayload(token: string): TokenPayload {
 export const TOKEN_ALMOST_EXPIRY_MS = 10 * 1000;
 
 /**
- * Returns true if the given token matches the given scope/locale & is
- * not expired to decide whether or not an access token can be used or
- * should be refreshed.
+ * Returns true if the given access token matches the given scope/locale & is
+ * not expired to decide whether or not an access token can be used or should be
+ * refreshed.
  */
-export function isValidToken(
+export function isValidAccessToken(
   token: string | null,
   scope: string,
   locale: string,