added refresh?:boolean to getAccessToken() to force refresh AT

Author: tusharpandey13

src/server/auth-client.ts

@@ -669,7 +669,8 @@ export class AuthClient {
    * refresh it using the refresh token, if available.
    */
   async getTokenSet(
-    tokenSet: TokenSet
+    tokenSet: TokenSet,
+    forceRefresh?: boolean | undefined
   ): Promise<[null, TokenSet] | [SdkError, null]> {
     // the access token has expired but we do not have a refresh token
     if (!tokenSet.refreshToken && tokenSet.expiresAt <= Date.now() / 1000) {
@@ -682,68 +683,82 @@ export class AuthClient {
       ];
     }
 
-    // the access token has expired and we have a refresh token
-    if (tokenSet.refreshToken && tokenSet.expiresAt <= Date.now() / 1000) {
-      const [discoveryError, authorizationServerMetadata] =
-        await this.discoverAuthorizationServerMetadata();
+    if (tokenSet.refreshToken) {
+      // either the access token has expired or we are forcing a refresh
+      if (forceRefresh || tokenSet.expiresAt <= Date.now() / 1000) {
+        return this.refreshTokenFlow({
+          ...tokenSet,
+          refreshToken: tokenSet.refreshToken
+        });
+      }
+    }
 
-      if (discoveryError) {
-        console.error(discoveryError);
-        return [discoveryError, null];
+    return [null, tokenSet];
+  }
+
+  // refreshTokenFlow refreshes the access token using the refresh token.
+  private async refreshTokenFlow(
+    tokenSet: TokenSet & {
+      refreshToken: string;
+    }
+  ): Promise<[null, TokenSet] | [SdkError, null]> {
+    const [discoveryError, authorizationServerMetadata] =
+      await this.discoverAuthorizationServerMetadata();
+
+    if (discoveryError) {
+      console.error(discoveryError);
+      return [discoveryError, null];
+    }
+
+    const refreshTokenRes = await oauth.refreshTokenGrantRequest(
+      authorizationServerMetadata,
+      this.clientMetadata,
+      await this.getClientAuth(),
+      tokenSet.refreshToken,
+      {
+        ...this.httpOptions(),
+        [oauth.customFetch]: this.fetch,
+        [oauth.allowInsecureRequests]: this.allowInsecureRequests
       }
+    );
 
-      const refreshTokenRes = await oauth.refreshTokenGrantRequest(
+    let oauthRes: oauth.TokenEndpointResponse;
+    try {
+      oauthRes = await oauth.processRefreshTokenResponse(
         authorizationServerMetadata,
         this.clientMetadata,
-        await this.getClientAuth(),
-        tokenSet.refreshToken,
-        {
-          ...this.httpOptions(),
-          [oauth.customFetch]: this.fetch,
-          [oauth.allowInsecureRequests]: this.allowInsecureRequests
-        }
+        refreshTokenRes
       );
+    } catch (e: any) {
+      console.error(e);
+      return [
+        new AccessTokenError(
+          AccessTokenErrorCode.FAILED_TO_REFRESH_TOKEN,
+          "The access token has expired and there was an error while trying to refresh it. Check the server logs for more information."
+        ),
+        null
+      ];
+    }
 
-      let oauthRes: oauth.TokenEndpointResponse;
-      try {
-        oauthRes = await oauth.processRefreshTokenResponse(
-          authorizationServerMetadata,
-          this.clientMetadata,
-          refreshTokenRes
-        );
-      } catch (e: any) {
-        console.error(e);
-        return [
-          new AccessTokenError(
-            AccessTokenErrorCode.FAILED_TO_REFRESH_TOKEN,
-            "The access token has expired and there was an error while trying to refresh it. Check the server logs for more information."
-          ),
-          null
-        ];
-      }
-
-      const accessTokenExpiresAt =
-        Math.floor(Date.now() / 1000) + Number(oauthRes.expires_in);
-
-      const updatedTokenSet = {
-        ...tokenSet, // contains the existing `iat` claim to maintain the session lifetime
-        accessToken: oauthRes.access_token,
-        idToken: oauthRes.id_token,
-        expiresAt: accessTokenExpiresAt
-      };
+    const accessTokenExpiresAt =
+      Math.floor(Date.now() / 1000) + Number(oauthRes.expires_in);
 
-      if (oauthRes.refresh_token) {
-        // refresh token rotation is enabled, persist the new refresh token from the response
-        updatedTokenSet.refreshToken = oauthRes.refresh_token;
-      } else {
-        // we did not get a refresh token back, keep the current long-lived refresh token around
-        updatedTokenSet.refreshToken = tokenSet.refreshToken;
-      }
+    const updatedTokenSet = {
+      ...tokenSet, // contains the existing `iat` claim to maintain the session lifetime
+      accessToken: oauthRes.access_token,
+      idToken: oauthRes.id_token,
+      expiresAt: accessTokenExpiresAt
+    };
 
-      return [null, updatedTokenSet];
+    if (oauthRes.refresh_token) {
+      // refresh token rotation is enabled, persist the new refresh token from the response
+      updatedTokenSet.refreshToken = oauthRes.refresh_token;
+    } else {
+      // we did not get a refresh token back, keep the current long-lived refresh token around
+      updatedTokenSet.refreshToken = tokenSet.refreshToken;
     }
 
-    return [null, tokenSet];
+    return [null, updatedTokenSet];
   }
 
   private async discoverAuthorizationServerMetadata(): Promise<

src/server/client.ts

@@ -315,7 +315,9 @@ export class Auth0Client {
    * NOTE: Server Components cannot set cookies. Calling `getAccessToken()` in a Server Component will cause the access token to be refreshed, if it is expired, and the updated token set will not to be persisted.
    * It is recommended to call `getAccessToken(req, res)` in the middleware if you need to retrieve the access token in a Server Component to ensure the updated token set is persisted.
    */
-  async getAccessToken(): Promise<{ token: string; expiresAt: number }>;
+  async getAccessToken(
+    refresh?: boolean
+  ): Promise<{ token: string; expiresAt: number }>;
 
   /**
    * getAccessToken returns the access token.
@@ -324,19 +326,32 @@ export class Auth0Client {
    */
   async getAccessToken(
     req: PagesRouterRequest | NextRequest,
-    res: PagesRouterResponse | NextResponse
+    res: PagesRouterResponse | NextResponse,
+    refresh?: boolean
   ): Promise<{ token: string; expiresAt: number }>;
 
   /**
    * getAccessToken returns the access token.
-   *
-   * NOTE: Server Components cannot set cookies. Calling `getAccessToken()` in a Server Component will cause the access token to be refreshed, if it is expired, and the updated token set will not to be persisted.
-   * It is recommended to call `getAccessToken(req, res)` in the middleware if you need to retrieve the access token in a Server Component to ensure the updated token set is persisted.
    */
   async getAccessToken(
-    req?: PagesRouterRequest | NextRequest,
-    res?: PagesRouterResponse | NextResponse
+    reqOrRefresh?: PagesRouterRequest | NextRequest | boolean,
+    res?: PagesRouterResponse | NextResponse,
+    refresh?: boolean
   ): Promise<{ token: string; expiresAt: number; scope?: string }> {
+    // Parameter type handling
+    let req: PagesRouterRequest | NextRequest | undefined;
+    let actualForceRefresh: boolean | undefined;
+
+    // Check if the first parameter is a request object or a boolean
+    if (typeof reqOrRefresh === "boolean" || reqOrRefresh === undefined) {
+      // App Router case (forceRefresh as first param)
+      actualForceRefresh = reqOrRefresh as boolean | undefined;
+    } else {
+      // Pages Router case (req/res as first params)
+      req = reqOrRefresh;
+      actualForceRefresh = refresh;
+    }
+
     const session: SessionData | null = req
       ? await this.getSession(req)
       : await this.getSession();
@@ -349,26 +364,21 @@ export class Auth0Client {
     }
 
     const [error, tokenSet] = await this.authClient.getTokenSet(
-      session.tokenSet
+      session.tokenSet,
+      actualForceRefresh // Pass forceRefresh to token refresh logic
     );
+
     if (error) {
       throw error;
     }
 
-    // update the session with the new token set, if necessary
+    // Update session if token changed
     if (
       tokenSet.accessToken !== session.tokenSet.accessToken ||
       tokenSet.expiresAt !== session.tokenSet.expiresAt ||
       tokenSet.refreshToken !== session.tokenSet.refreshToken
     ) {
-      await this.saveToSession(
-        {
-          ...session,
-          tokenSet
-        },
-        req,
-        res
-      );
+      await this.saveToSession({ ...session, tokenSet }, req, res);
     }
 
     return {