@okta-dfuhriman/okta-auth-js
Version:
The Okta Auth SDK
71 lines (64 loc) • 2.39 kB
text/typescript
/*!
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
*
* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*
* See the License for the specific language governing permissions and limitations under the License.
*
*/
import { AuthSdkError } from '../errors';
import { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';
import { getWithoutPrompt } from './getWithoutPrompt';
import { renewTokensWithRefresh } from './renewTokensWithRefresh';
function throwInvalidTokenError() {
throw new AuthSdkError(
'Renew must be passed a token with an array of scopes and an accessToken or idToken'
);
}
// Multiple tokens may have come back. Return only the token which was requested.
function getSingleToken(originalToken: Token, tokens: Tokens) {
if (isIDToken(originalToken)) {
return tokens.idToken;
}
if (isAccessToken(originalToken)) {
return tokens.accessToken;
}
throwInvalidTokenError();
}
// If we have a refresh token, renew using that, otherwise getWithoutPrompt
export async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {
if (!isIDToken(token) && !isAccessToken(token)) {
throwInvalidTokenError();
}
let tokens = sdk.tokenManager.getTokensSync();
if (tokens.refreshToken) {
tokens = await renewTokensWithRefresh(sdk, {
scopes: token.scopes,
}, tokens.refreshToken);
return getSingleToken(token, tokens);
}
var responseType;
if (sdk.options.pkce) {
responseType = 'code';
} else if (isAccessToken(token)) {
responseType = 'token';
} else {
responseType = 'id_token';
}
const { scopes, authorizeUrl, userinfoUrl, issuer, claims } = token as (AccessToken & IDToken);
return getWithoutPrompt(sdk, {
responseType,
scopes,
authorizeUrl,
userinfoUrl,
issuer,
audience: claims?.aud
})
.then(function (res) {
return getSingleToken(token, res.tokens);
});
}