create the refreshAccessToken function to use if we need it

alishaevn · alishaevn · commit 28125735e326 · 2023-02-28T17:06:50.000-06:00
diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
@@ -1,4 +1,5 @@
 import NextAuth from 'next-auth'
+import axios from 'axios'
 
 // For more information on each option (and a full list of options) go to: https://next-auth.js.org/configuration/options
 const authOptions = {
@@ -28,11 +29,21 @@ const authOptions = {
   callbacks: {
     async jwt({ token, account, user }) {
       // Triggered on the initial sign in
-      // TODO(alishaevn): account for the refresh token
       if (account && user) {
-        token.accessToken = account.access_token
+        return {
+          accessToken: account.access_token,
+          refreshToken: account.refresh_token,
+          user,
+        }
+      }
+
+      // Return previous token if the access token has not expired yet
+      if (token.accessTokenExpires && (Date.now() < token.accessTokenExpires)) {
+        return token
       }
-      return token
+
+      // Access token has expired, try to update it
+      return refreshAccessToken(token)
     },
     async session({ session, token }) {
       // Send additional properties to the client
@@ -42,4 +53,41 @@ const authOptions = {
   }
 }
 
+/**
+ * Takes a token, and returns a new token with an updated `accessToken`.
+ * If an error occurs, returns the old token and an error property
+ */
+const refreshAccessToken = async (token) => {
+  try {
+    const url = `https://${process.env.NEXT_PUBLIC_PROVIDER_NAME}.scientist.com/oauth/token`
+    const encodedString = Buffer.from(`${process.env.CLIENT_ID}:${process.env.CLIENT_SECRET}`).toString('base64')
+    const params = new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: token.refreshToken,
+    })
+
+    const response = await axios.post(url, params, {
+      headers: {
+        'Authorization': `Basic ${encodedString}`,
+      },
+    })
+    const refreshedTokens = response.data
+
+    if (response.status !== 200) {
+      throw refreshedTokens
+    }
+
+    return {
+      ...token,
+      accessToken: refreshedTokens.access_token,
+      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to the old refresh token
+    }
+  } catch (error) {
+    return {
+      ...token,
+      error: 'RefreshAccessTokenError',
+    }
+  }
+}
+
 export default NextAuth(authOptions)
