feat: getAccessToken (#65)

logto-io · Nov 1, 2021 · 9480d8b · 9480d8b
1 parent 09c214a
commit 9480d8b
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 1 deletion.
diff --git a/packages/client/src/index.test.ts b/packages/client/src/index.test.ts
@@ -232,6 +232,59 @@ describe('LogtoClient', () => {
     });
   });
 
+  describe('getAccessToken', () => {
+    describe('from local', () => {
+      test('get accessToken from tokenset', async () => {
+        const storage = new MemoryStorage();
+        storage.setItem(`LOGTO_TOKEN_SET_CACHE::${discoverResponse.issuer}::${CLIENT_ID}`, {
+          ...fakeTokenResponse,
+          id_token: (await generateIdToken()).idToken,
+        });
+        const logto = await LogtoClient.create({
+          domain: DOMAIN,
+          clientId: CLIENT_ID,
+          storage,
+        });
+        await expect(logto.getAccessToken()).resolves.toEqual(fakeTokenResponse.access_token);
+      });
+
+      test('not authenticated should throw', async () => {
+        const logto = await LogtoClient.create({
+          domain: DOMAIN,
+          clientId: CLIENT_ID,
+        });
+        await expect(logto.getAccessToken()).rejects.toThrow();
+      });
+    });
+
+    describe('grant new tokenset with refresh_token', () => {
+      // eslint-disable-next-line @silverhand/fp/no-let
+      let logto: LogtoClient;
+
+      beforeEach(async () => {
+        const storage = new MemoryStorage();
+        storage.setItem(`LOGTO_TOKEN_SET_CACHE::${discoverResponse.issuer}::${CLIENT_ID}`, {
+          ...fakeTokenResponse,
+          id_token: (await generateIdToken()).idToken,
+          expires_in: -1,
+        });
+        logto = await LogtoClient.create({
+          domain: DOMAIN,
+          clientId: CLIENT_ID,
+          storage,
+        });
+      });
+
+      test('should get access_token after refresh', async () => {
+        await expect(logto.getAccessToken()).resolves.toEqual(fakeTokenResponse.access_token);
+      });
+
+      test('verifyIdToken should have been called', async () => {
+        expect(verifyIdToken).toHaveBeenCalled();
+      });
+    });
+  });
+
   describe('logout', () => {
     test('window.location.assign should have been called', async () => {
       const logto = await LogtoClient.create({

diff --git a/packages/client/src/index.ts b/packages/client/src/index.ts
@@ -1,7 +1,11 @@
 import { Optional } from '@silverhand/essentials';
 
 import discover, { OIDCConfiguration } from './discover';
-import { grantTokenByAuthorizationCode, TokenSetParameters } from './grant-token';
+import {
+  grantTokenByAuthorizationCode,
+  grantTokenByRefreshToken,
+  TokenSetParameters,
+} from './grant-token';
 import { parseRedirectCallback } from './parse-callback';
 import { getLoginUrlAndCodeVerifier } from './request-login';
 import { getLogoutUrl } from './request-logout';
@@ -104,6 +108,30 @@ export default class LogtoClient {
     return Boolean(this.tokenSet);
   }
 
+  public async getAccessToken() {
+    if (!this.isAuthenticated || !this.tokenSet) {
+      throw new Error('Not authenticated');
+    }
+
+    if (!this.tokenSet.expired()) {
+      return this.tokenSet.accessToken;
+    }
+
+    const tokenParameters = await grantTokenByRefreshToken(
+      this.oidcConfiguration.token_endpoint,
+      this.clientId,
+      this.tokenSet.refreshToken
+    );
+    await verifyIdToken(
+      createJWKS(this.oidcConfiguration.jwks_uri),
+      tokenParameters.id_token,
+      this.clientId
+    );
+    this.storage.setItem(this.tokenSetCacheKey, tokenParameters);
+    this.tokenSet = new TokenSet(tokenParameters);
+    return this.tokenSet.accessToken;
+  }
+
   public logout(redirectUri: string) {
     this.sessionManager.clear();
     if (!this.tokenSet) {