From 37e57ccd434bfd37070e2de599614a93b363d98f Mon Sep 17 00:00:00 2001
From: Mathis Hofer
Date: Tue, 29 Oct 2024 14:09:17 +0100
Subject: [PATCH] WIP: refresh token should not be renewed before expiry
---
 src/utils/auth.ts | 6 +++---
 src/utils/token-renewal.ts | 13 +++++++++++--
 src/utils/token.ts | 8 ++++----
 3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/src/utils/auth.ts b/src/utils/auth.ts
index d1149dbd..00fcc9f3 100644
--- a/src/utils/auth.ts
+++ b/src/utils/auth.ts
@@ -24,7 +24,7 @@ import {
 getTokenPayload,
 isTokenAlmostExpired,
 isTokenExpired,
- isValidToken,
+ isValidAccessToken,
 } from "./token";
 import {
 clearTokenRenewalTimers,
@@ -205,7 +205,7 @@ function getAuthorizationEndpoint(): string {
 */
 function updateTokenStateForScope(scope: string, locale: string): void {
 // Try state's "current" token (initialized from sessionStorage)
- if (isValidToken(tokenState.accessToken, scope, locale)) {
+ if (isValidAccessToken(tokenState.accessToken, scope, locale)) {
 log(
 `Current token for scope "${scope}" and locale "${locale}" already set`,
 );
@@ -214,7 +214,7 @@ function updateTokenStateForScope(scope: string, locale: string): void {
 // Try cached access token for scope (from localStorage)
 const cachedAccessToken = getAccessToken(scope);
- if (isValidToken(cachedAccessToken, scope, locale)) {
+ if (isValidAccessToken(cachedAccessToken, scope, locale)) {
 log(
 `Token for scope "${scope}" and locale "${locale}" cached, set as current`,
 );
diff --git a/src/utils/token-renewal.ts b/src/utils/token-renewal.ts
index b5e82321..f27935ec 100644
--- a/src/utils/token-renewal.ts
+++ b/src/utils/token-renewal.ts
@@ -7,6 +7,7 @@ import {
 getTokenExpireIn,
 getTokenPayload,
 isTokenAlmostExpired,
+ isTokenExpired,
 } from "./token";
 enum TokenType {
@@ -79,7 +80,11 @@ function scheduleExpiration(
 if (!token) return;
- const expireIn = getTokenExpireIn(token) - TOKEN_ALMOST_EXPIRY_MS;
+ // Access tokens will fire a before their actual expiry, refresh token when
+ // they actually expire
+ const almostExpiry = type === TokenType.Access ? TOKEN_ALMOST_EXPIRY_MS : 0;
+ const expireIn = getTokenExpireIn(token) - almostExpiry;
+
 // Don't set timer for already expired token since this will be
 // handled by the auth.ts logic and would cause a redirection loop
 if (expireIn > 0) {
@@ -120,7 +125,11 @@ function tokenExpired(
 : getRefreshToken(scope);
 const payload = actualToken ? getTokenPayload(actualToken) : null;
 if (payload) {
- if (isTokenAlmostExpired(payload)) {
+ const expired =
+ type === TokenType.Access
+ ? isTokenAlmostExpired(payload)
+ : isTokenExpired(payload);
+ if (expired) {
 await onRenew(payload.scope, payload.locale);
 } else {
 log(
diff --git a/src/utils/token.ts b/src/utils/token.ts
index 00a062fc..aaf18d7a 100644
--- a/src/utils/token.ts
+++ b/src/utils/token.ts
@@ -46,11 +46,11 @@ export function getTokenPayload(token: string): TokenPayload {
 export const TOKEN_ALMOST_EXPIRY_MS = 10 * 1000;
 /**
- * Returns true if the given token matches the given scope/locale & is
- * not expired to decide whether or not an access token can be used or
- * should be refreshed.
+ * Returns true if the given access token matches the given scope/locale & is
+ * not expired to decide whether or not an access token can be used or should be
+ * refreshed.
 */
-export function isValidToken(
+export function isValidAccessToken(
 token: string | null,
 scope: string,
 locale: string,
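Review bot: The comment added in scheduleExpiration is garbled ("will fire a before their actual expiry") and does not say why the two token types are treated differently. I would reword it to `// Access token timers fire TOKEN_ALMOST_EXPIRY_MS before expiry so renewal happens while the token is still valid;` followed by `// refresh token timers fire at the actual expiry.` The local `almostExpiry` would also read better as something like `leadTimeMs`, since for refresh tokens the value is 0 and no longer describes an "almost expired" window. The function's signature and the timer call itself are outside the hunk.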
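Review bot: With the refresh-token timer now scheduled with no lead time, the `isTokenExpired(payload)` check in tokenExpired runs right at the expiry boundary. If the timer fires marginally early, or isTokenExpired compares strictly against a second-granularity `exp` (its body is not shown here), the check is false and control falls into the `else` branch, which as far as the hunk shows only logs; whether anything re-arms the timer is outside the hunk. In that case an expired refresh token would stay in place with no further timer, so it is worth confirming that the else path reschedules and covering the boundary with a fake-timer test. The access/refresh distinction is now written twice (here and in scheduleExpiration); a comment such as `// Refresh tokens are renewed only once actually expired, access tokens TOKEN_ALMOST_EXPIRY_MS earlier` would tie the two together.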