npm - @aiam/ciba - Versions diffs - 0.8.6 → 0.8.7 - Mend

@aiam/ciba 0.8.6 → 0.8.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/ciba.mjs +14 -4
package/package.json +1 -1

package/ciba.mjs CHANGED Viewed

@@ -468,18 +468,28 @@ function startDaemon(provider, deviceDoc, privateKey, serverUrl) {
           if (cachedName) {
             const cachedMap = deviceDoc.getMap(cachedName);
             const exp = cachedMap.get('exp');
-            if (exp && exp > Math.floor(Date.now() / 1000) + 60) {
+            const now = Math.floor(Date.now() / 1000);
+            // Return cached token if: no exp set (server manages expiry),
+            // or exp is still valid. Only skip if we know it's expired.
+            const isExpired = exp && exp < now + 60;
+            if (!isExpired) {
               const token = decryptFromTokenMap(cachedMap);
               if (token) { conn.end(JSON.stringify({ token })); return; }
             }
           }
+          const prevTokenMapName = resourcesMap.get(requestedResource);
           const newRid = randomBytes(8).toString('base64url');
-          dlog(`cache miss; writing requests[${newRid}] attrs=${JSON.stringify(attrs)}`);
+          dlog(`cache miss; writing requests[${newRid}] attrs=${JSON.stringify(attrs)} resources=${JSON.stringify([...resourcesMap.entries()])}`);
           requests.set(newRid, { ...attrs, status: 'pending', created_at: new Date().toISOString() });
-          dlog(`resources map: ${JSON.stringify([...resourcesMap.entries()])} requested=${requestedResource}`);
-          const prevTokenMapName = resourcesMap.get(requestedResource);
+          // Immediate re-check: token may have landed between cache check and now.
+          const postWriteName = resourcesMap.get(requestedResource);
+          if (postWriteName && postWriteName !== prevTokenMapName) {
+            const m = deviceDoc.getMap(postWriteName);
+            const token = decryptFromTokenMap(m);
+            if (token) { conn.end(JSON.stringify({ token })); return; }
+          }
           const newTokenMap = deviceDoc.getMap(`token:${newRid}`);
           const viaRid = firstInYMap(newTokenMap, (key) => key === 'ciphertext' || key === 'error', 30_000)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiam/ciba",
-  "version": "0.8.6",
+  "version": "0.8.7",
   "description": "OAuth 2.0 Device Authorization Grant CLI with cross-device push approval (Yjs sync, ECDH-encrypted token delivery, persistent device id)",
   "type": "module",
   "bin": {