Merge pull request #242 from scientist-softserv/232-refresh-token

232 refresh token

Author: alishaevn

pages/api/auth/[...nextauth].js

@@ -1,4 +1,7 @@
 import NextAuth from 'next-auth'
+import axios from 'axios'
+// TODO(alishaevn): use the api value from https://github.com/assaydepot/rx/issues/21497 in the next phase
+import { EXPIRATION_DURATION } from '../../../utils'
 
 // For more information on each option (and a full list of options) go to: https://next-auth.js.org/configuration/options
 const authOptions = {
@@ -28,11 +31,22 @@ const authOptions = {
   callbacks: {
     async jwt({ token, account, user }) {
       // Triggered on the initial sign in
-      // TODO(alishaevn): account for the refresh token
       if (account && user) {
-        token.accessToken = account.access_token
+        return {
+          accessToken: account.access_token,
+          accessTokenExpires: Date.now() + EXPIRATION_DURATION,
+          refreshToken: account.refresh_token,
+          user,
+        }
+      }
+
+      // Return previous token if the access token has not expired yet
+      if (token.accessTokenExpires && (Date.now() < token.accessTokenExpires)) {
+        return token
       }
-      return token
+
+      // Access token has expired, try to update it
+      return refreshAccessToken(token)
     },
     async session({ session, token }) {
       // Send additional properties to the client
@@ -42,4 +56,42 @@ const authOptions = {
   }
 }
 
+/**
+ * Takes a token, and returns a new token with an updated `accessToken`.
+ * If an error occurs, returns the old token and an error property
+ */
+const refreshAccessToken = async (token) => {
+  try {
+    const url = `https://${process.env.NEXT_PUBLIC_PROVIDER_NAME}.scientist.com/oauth/token`
+    const encodedString = Buffer.from(`${process.env.CLIENT_ID}:${process.env.CLIENT_SECRET}`).toString('base64')
+    const params = new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: token.refreshToken,
+    })
+
+    const response = await axios.post(url, params, {
+      headers: {
+        'Authorization': `Basic ${encodedString}`,
+      },
+    })
+    const refreshedTokens = response.data
+
+    if (response.status !== 200) {
+      throw refreshedTokens
+    }
+
+    return {
+      ...token,
+      accessToken: refreshedTokens.access_token,
+      accessTokenExpires: Date.now() + EXPIRATION_DURATION,
+      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to the old refresh token
+    }
+  } catch (error) {
+    return {
+      ...token,
+      error: 'RefreshAccessTokenError',
+    }
+  }
+}
+
 export default NextAuth(authOptions)

utils/constants.js

@@ -103,3 +103,8 @@ export const NAVIGATION_LINKS = [
 // change this to '/services' to have this link to a page for an individual service.
 // if you choose to go this route, you can update the content for the service's page at pages/services/[ware].js
 export const FEATURED_SERVICE_PATH = '/requests/new'
+
+// TODO(alishaevn): use the api value from https://github.com/assaydepot/rx/issues/21497 in the next phase
+// this amount, listed in milliseconds, represents when the access token will expire
+// the default is 1 week
+export const EXPIRATION_DURATION = 604800000