UNPKG

@okta-dfuhriman/okta-auth-js

Version:
71 lines (64 loc) 2.39 kB
/*! * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved. * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") * * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * * See the License for the specific language governing permissions and limitations under the License. * */ import { AuthSdkError } from '../errors'; import { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types'; import { getWithoutPrompt } from './getWithoutPrompt'; import { renewTokensWithRefresh } from './renewTokensWithRefresh'; function throwInvalidTokenError() { throw new AuthSdkError( 'Renew must be passed a token with an array of scopes and an accessToken or idToken' ); } // Multiple tokens may have come back. Return only the token which was requested. function getSingleToken(originalToken: Token, tokens: Tokens) { if (isIDToken(originalToken)) { return tokens.idToken; } if (isAccessToken(originalToken)) { return tokens.accessToken; } throwInvalidTokenError(); } // If we have a refresh token, renew using that, otherwise getWithoutPrompt export async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> { if (!isIDToken(token) && !isAccessToken(token)) { throwInvalidTokenError(); } let tokens = sdk.tokenManager.getTokensSync(); if (tokens.refreshToken) { tokens = await renewTokensWithRefresh(sdk, { scopes: token.scopes, }, tokens.refreshToken); return getSingleToken(token, tokens); } var responseType; if (sdk.options.pkce) { responseType = 'code'; } else if (isAccessToken(token)) { responseType = 'token'; } else { responseType = 'id_token'; } const { scopes, authorizeUrl, userinfoUrl, issuer, claims } = token as (AccessToken & IDToken); return getWithoutPrompt(sdk, { responseType, scopes, authorizeUrl, userinfoUrl, issuer, audience: claims?.aud }) .then(function (res) { return getSingleToken(token, res.tokens); }); }