simplification of authenticateToken + address refresh

rahafjrw · rahafjrw · commit 79339fac0a5c · 2025-01-19T22:56:29.000-06:00
diff --git a/Sources/App/Controllers/Manage/Cognito.swift b/Sources/App/Controllers/Manage/Cognito.swift
@@ -21,7 +21,7 @@ struct Cognito {
     }
     
     @Sendable
-    static func authenticateToken(req: Request, sessionID: String, accessToken: String, on eventLoop: EventLoop) async throws -> Void {
+    static func authenticateToken(req: Request, sessionID: String, accessToken: String) async throws -> Void {
         let awsClient = AWSClient(httpClientProvider: .shared(req.application.http.client.shared))
         let awsCognitoConfiguration = CognitoConfiguration(
             userPoolId: Environment.get("AWS_COGNITO_POOL_ID")!,
diff --git a/Sources/App/Controllers/Manage/LoginController.swift b/Sources/App/Controllers/Manage/LoginController.swift
@@ -25,7 +25,7 @@ enum LoginController {
             let response = try await cognito.authenticate(req: req, username: user.email, password: user.password)
             switch response {
             case .authenticated(let authenticatedResponse):
-                let user = AuthenticatedUser(accessToken: authenticatedResponse.accessToken!, refreshToken: authenticatedResponse.refreshToken!)
+                let user = AuthenticatedUser(accessToken: authenticatedResponse.accessToken!)
                 req.auth.login(user)
             case .challenged(let challengedResponse): // with the current pool configuration, a challenge response is not expected
                 break
diff --git a/Sources/App/Controllers/Manage/SessionAuthentication.swift b/Sources/App/Controllers/Manage/SessionAuthentication.swift
@@ -6,7 +6,6 @@ import SotoCognitoIdentity
 
 struct AuthenticatedUser {
     var accessToken: String
-    var refreshToken: String?
 }
 
 extension AuthenticatedUser: SessionAuthenticatable {
@@ -19,11 +18,10 @@ struct UserSessionAuthenticator: AsyncSessionAuthenticator {
     func authenticate(sessionID: String, for request: Vapor.Request) async throws {
         @Dependency(\.cognito) var cognito
         do {
-            // TODO: handle response, refresh token
-            try await cognito.authenticateToken(req: request, sessionID: sessionID, accessToken: sessionID, eventLoop: request.eventLoop)
+            try await cognito.authenticateToken(req: request, sessionID: sessionID, accessToken: sessionID)
             request.auth.login(User(accessToken: sessionID))
-        } catch let error as SotoCognitoError { // TODO: handle error
-            return
+        } catch let error as SotoCognitoError {
+            // .unauthorized SotoCognitoError with reason "invalid token", attempt to refresh using req.application.cognito.authenticatable.refresh(), which requires the username and refresh token, both returned upon initial successful login
         }
     }
     typealias User = AuthenticatedUser
diff --git a/Sources/App/Core/Dependencies/CognitoClient.swift b/Sources/App/Core/Dependencies/CognitoClient.swift
@@ -20,7 +20,7 @@ import SotoCognitoAuthenticationKit
 @DependencyClient
 struct CognitoClient {
     var authenticate: @Sendable (_ req: Request, _ username: String, _ password: String) async throws -> CognitoAuthenticateResponse
-    var authenticateToken: @Sendable (_ req: Request, _ sessionID: String, _ accessToken: String, _ eventLoop: EventLoop) async throws -> Void
+    var authenticateToken: @Sendable (_ req: Request, _ sessionID: String, _ accessToken: String) async throws -> Void
     var signup: @Sendable (_ req: Request, _ username: String, _ password: String) async throws -> Void
     var resetPassword: @Sendable (_ req: Request, _ username: String, _ password: String, _ confirmationCode: String) async throws -> Void
     var forgotPassword: @Sendable (_ req: Request, _ username: String) async throws -> Void
@@ -32,7 +32,7 @@ extension CognitoClient: DependencyKey {
     static var liveValue: CognitoClient {
         .init(
             authenticate: { req, username, password in try await Cognito.authenticate(req: req, username: username, password: password) },
-            authenticateToken: { req, sessionID, accessToken, eventLoop in try await Cognito.authenticateToken(req: req, sessionID: sessionID, accessToken: accessToken, on: eventLoop)},
+            authenticateToken: { req, sessionID, accessToken in try await Cognito.authenticateToken(req: req, sessionID: sessionID, accessToken: accessToken)},
             signup : { req, username, password in try await Cognito.signup(req: req, username: username, password: password) },
             resetPassword : { req, username, password, confirmationCode in try await Cognito.resetPassword(req: req, username: username, password: password, confirmationCode: confirmationCode) },
             forgotPassword: { req, username in try await Cognito.forgotPassword(req: req, username: username) },

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ struct Cognito {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`@Sendable`
`24`		`- static func authenticateToken(req: Request, sessionID: String, accessToken: String, on eventLoop: EventLoop) async throws -> Void {`
	`24`	`+ static func authenticateToken(req: Request, sessionID: String, accessToken: String) async throws -> Void {`
`25`	`25`	`let awsClient = AWSClient(httpClientProvider: .shared(req.application.http.client.shared))`
`26`	`26`	`let awsCognitoConfiguration = CognitoConfiguration(`
`27`	`27`	`userPoolId: Environment.get("AWS_COGNITO_POOL_ID")!,`