Merge pull request #563 from InjectiveLabs/fix/turnkey-refresh

ThomasRalee · web-flow · commit 09c88cfcbf22 · 2025-05-27T16:30:23.000+02:00
fix: ensure expiration seconds is always used
diff --git a/packages/wallets/wallet-turnkey/src/strategy/turnkey/oauth.ts b/packages/wallets/wallet-turnkey/src/strategy/turnkey/oauth.ts
@@ -7,7 +7,10 @@ import { sha256 } from '@injectivelabs/sdk-ts'
 import type { TurnkeyOauthLoginResponse } from '../types.js'
 import type { TurnkeyIframeClient } from '@turnkey/sdk-browser'
 import { type HttpRestClient } from '@injectivelabs/utils'
-import { TURNKEY_OAUTH_PATH } from '../consts.js'
+import {
+  DEFAULT_TURNKEY_REFRESH_SECONDS,
+  TURNKEY_OAUTH_PATH,
+} from '../consts.js'
 
 export class TurnkeyOauthWallet {
   static async generateOAuthNonce(iframeClient: TurnkeyIframeClient) {
@@ -34,13 +37,13 @@ export class TurnkeyOauthWallet {
     oidcToken: string
     client: HttpRestClient
     oauthLoginPath?: string
-    expirationSeconds?: number
     providerName: 'google' | 'apple'
     iframeClient: TurnkeyIframeClient
+    expirationSeconds?: number
   }): Promise<
     { organizationId: string; credentialBundle: string } | undefined
   > {
-    const { client, iframeClient } = args
+    const { client, iframeClient, expirationSeconds } = args
 
     const path = args.oauthLoginPath || TURNKEY_OAUTH_PATH
 
@@ -57,6 +60,9 @@ export class TurnkeyOauthWallet {
         targetPublicKey,
         oidcToken: args.oidcToken,
         providerName: args.providerName,
+        expirationSeconds: (
+          expirationSeconds || DEFAULT_TURNKEY_REFRESH_SECONDS
+        )?.toString(),
       })
 
       return response.data
diff --git a/packages/wallets/wallet-turnkey/src/strategy/turnkey/otp.ts b/packages/wallets/wallet-turnkey/src/strategy/turnkey/otp.ts
@@ -9,7 +9,11 @@ import {
   type TurnkeyOTPCredentialsResponse,
 } from './../types.js'
 import { type HttpRestClient } from '@injectivelabs/utils'
-import { TURNKEY_OTP_INIT_PATH, TURNKEY_OTP_VERIFY_PATH } from '../consts.js'
+import {
+  DEFAULT_TURNKEY_REFRESH_SECONDS,
+  TURNKEY_OTP_INIT_PATH,
+  TURNKEY_OTP_VERIFY_PATH,
+} from '../consts.js'
 
 export class TurnkeyOtpWallet {
   static async initEmailOTP(args: {
@@ -56,8 +60,9 @@ export class TurnkeyOtpWallet {
     organizationId: string
     iframeClient: TurnkeyIframeClient
     otpVerifyPath?: string
+    expirationSeconds?: number
   }) {
-    const { client, iframeClient } = args
+    const { client, iframeClient, expirationSeconds } = args
 
     try {
       const organizationId = args.organizationId
@@ -84,6 +89,9 @@ export class TurnkeyOtpWallet {
         otpId: emailOTPId,
         otpCode: args.otpCode,
         suborgID: organizationId,
+        expirationSeconds: (
+          expirationSeconds || DEFAULT_TURNKEY_REFRESH_SECONDS
+        )?.toString(),
       })
 
       return response?.data
diff --git a/packages/wallets/wallet-turnkey/src/strategy/turnkey/turnkey.ts b/packages/wallets/wallet-turnkey/src/strategy/turnkey/turnkey.ts
@@ -235,28 +235,25 @@ export class TurnkeyWallet {
     const expirationSeconds =
       options.expirationSeconds || DEFAULT_TURNKEY_REFRESH_SECONDS
     const iframeClient = await this.getIframeClient()
-
     await iframeClient.injectCredentialBundle(credentialBundle)
     await iframeClient.refreshSession({
       sessionType: SessionType.READ_WRITE,
-      expirationSeconds: options.expirationSeconds,
       targetPublicKey: iframeClient.iframePublicKey,
+      expirationSeconds,
     })
 
-    // If we just logged in, we have the new org ID here and don't need to wait on getSession method
-    if (options.organizationId) {
-      this.organizationId = options.organizationId
-      this.metadata.organizationId = options.organizationId
-    } else {
-      const session = await this.getSession()
-      this.organizationId = session.organizationId
-      this.metadata.organizationId = session.organizationId
+    const session = await this.turnkey?.getSession()
+    if (!session) {
+      throw new WalletException(new Error('Failed to refresh session'))
     }
 
+    this.organizationId = session.organizationId
+    this.metadata.organizationId = session.organizationId
+
     // Refresh the session 2 minutes before it expires
     setTimeout(() => {
       iframeClient.refreshSession({
-        expirationSeconds,
+        expirationSeconds: session?.expiry,
         sessionType: SessionType.READ_WRITE,
         targetPublicKey: iframeClient.iframePublicKey,
       })
@@ -372,7 +369,8 @@ export class TurnkeyWallet {
 
     if (session.session?.token) {
       await this.injectAndRefresh(session.session.token, {
-        expirationSeconds: this.metadata.expirationSeconds,
+        expirationSeconds:
+          this.metadata.expirationSeconds || DEFAULT_TURNKEY_REFRESH_SECONDS,
       })
 
       return session.session.token
