@faststore/core 3.71.0 → 3.72.0

package/.turbo/turbo-build.log

@@ -1,23 +1,23 @@
 
-> @faststore/core@3.70.2 prebuild /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 prebuild /home/runner/work/faststore/faststore/packages/core
 > na run partytown && na run generate
 
 
-> @faststore/core@3.70.2 partytown /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 partytown /home/runner/work/faststore/faststore/packages/core
 > partytown copylib ./public/~partytown
 
 Partytown lib copied to: /home/runner/work/faststore/faststore/packages/core/public/~partytown
 
-> @faststore/core@3.70.2 generate /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 generate /home/runner/work/faststore/faststore/packages/core
 > na run generate:schema && na run generate:codegen && na run format:generated
 
 
-> @faststore/core@3.70.2 generate:schema /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 generate:schema /home/runner/work/faststore/faststore/packages/core
 > tsx src/server/generator/generateGraphQLSchemaFile.ts
 
 Schema GraphQL file generated successfully
 
-> @faststore/core@3.70.2 generate:codegen /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 generate:codegen /home/runner/work/faststore/faststore/packages/core
 > graphql-codegen
 
 [STARTED] Parse Configuration
@@ -37,11 +37,11 @@ Running lifecycle hook "afterStart" scripts...
 [CLI] Loading Documents
 [CLI] Generating output
 
-> @faststore/core@3.70.2 format:generated /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 format:generated /home/runner/work/faststore/faststore/packages/core
 > prettier --write "@generated/**/*.{ts,js,tsx,jsx,json}" --loglevel error
 
 
-> @faststore/core@3.70.2 build /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 build /home/runner/work/faststore/faststore/packages/core
 > next build
 
 ⚠ No build cache found. Please configure build caching for faster rebuilds. Read more: https://nextjs.org/docs/messages/no-cache
@@ -73,19 +73,19 @@ Warning: Dynamic Content not found for the page: home. Refer to the Dynamic Cont
    Collecting build traces ...
 
 Route (pages)                              Size     First Load JS
-┌ ● /                                      3.66 kB         139 kB
+┌ ● /                                      3.66 kB         140 kB
 ├   └ css/b1806cbafd0c1f81.css             3.06 kB
-├   /_app                                  0 B             105 kB
-├ ● /[...slug]                             2.45 kB         147 kB
-├ ● /[slug]/p                              32.6 kB         168 kB
+├   /_app                                  0 B             106 kB
+├ ● /[...slug]                             2.45 kB         148 kB
+├ ● /[slug]/p                              32.6 kB         169 kB
 ├   ├ css/a3ca6a9b63f657be.css             5.75 kB
 ├   ├ css/62a5153ac7061286.css             6.11 kB
 ├   └ css/6831395ff5fd317a.css             16.1 kB
-├ ○ /404                                   1.55 kB         137 kB
-├ ● /500                                   1.55 kB         137 kB
-├ λ /account                               240 B           105 kB
-├ ● /account/[...unknown]                  281 B           105 kB
-├ λ /account/403                           2.44 kB         138 kB
+├ ○ /404                                   1.55 kB         138 kB
+├ ● /500                                   1.55 kB         138 kB
+├ λ /account                               240 B           106 kB
+├ ● /account/[...unknown]                  281 B           106 kB
+├ λ /account/403                           2.44 kB         139 kB
 ├   └ css/b7bba8fce075688b.css             4.2 kB
 ├ λ /account/404                           2.13 kB         138 kB
 ├   └ css/5347dbc8b71de47d.css             4.25 kB
@@ -93,24 +93,24 @@ Route (pages)                              Size     First Load JS
 ├   └ css/3d41485722b4e3f5.css             12.1 kB
 ├ λ /account/orders/[id]                   12.1 kB         148 kB
 ├   └ css/70353bf19c496790.css             12.6 kB
-├ λ /account/profile                       1.79 kB         137 kB
+├ λ /account/profile                       1.79 kB         138 kB
 ├   └ css/831a1f72fe4b2d80.css             3.97 kB
-├ λ /account/security                      2.48 kB         138 kB
+├ λ /account/security                      2.48 kB         139 kB
 ├   └ css/32b1696118552960.css             5.19 kB
-├ λ /account/user-details                  1.74 kB         137 kB
+├ λ /account/user-details                  1.74 kB         138 kB
 ├   └ css/e46393a76c5d93a9.css             4.17 kB
-├ λ /api/graphql                           0 B             105 kB
-├ λ /api/health/live                       0 B             105 kB
-├ λ /api/health/ready                      0 B             105 kB
-├ λ /api/preview                           0 B             105 kB
-├ ● /checkout                              737 B           136 kB
-├ ● /login                                 1.68 kB         137 kB
+├ λ /api/graphql                           0 B             106 kB
+├ λ /api/health/live                       0 B             106 kB
+├ λ /api/health/ready                      0 B             106 kB
+├ λ /api/preview                           0 B             106 kB
+├ ● /checkout                              737 B           137 kB
+├ ● /login                                 1.68 kB         138 kB
 └ ● /s                                     3.28 kB         148 kB
-+ First Load JS shared by all              108 kB
++ First Load JS shared by all              109 kB
   ├ chunks/framework-807b0f81cbc129f0.js   45.4 kB
   ├ chunks/main-f658704b53a96ab1.js        33.1 kB
-  ├ chunks/pages/_app-728289774860e9d9.js  22.8 kB
-  ├ chunks/webpack-50cb24c3054682c1.js     3.81 kB
+  ├ chunks/pages/_app-4068e2b477988545.js  23.5 kB
+  ├ chunks/webpack-2ddf567180dd5aaa.js     3.81 kB
   └ css/0a57ee6c7a57788c.css               3.49 kB
 
 λ  (Server)  server-side renders at runtime (uses getInitialProps or getServerSideProps)

package/.turbo/turbo-test.log

@@ -1,14 +1,14 @@
 
-> @faststore/core@3.70.2 test /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.71.0 test /home/runner/work/faststore/faststore/packages/core
 > jest
 
-PASS test/server/cms/global.test.ts (26.235 s)
-PASS test/utils/multipleTemplates.test.ts (26.425 s)
+PASS test/utils/multipleTemplates.test.ts (26.363 s)
+PASS test/server/cms/global.test.ts (26.431 s)
 PASS test/server/cms/index.test.ts
-PASS test/server/index.test.ts (29.853 s)
+PASS test/server/index.test.ts (29.79 s)
 
 Test Suites: 4 passed, 4 total
 Tests:       22 passed, 22 total
 Snapshots:   0 total
-Time:        31.157 s
+Time:        31.087 s
 Ran all test suites.

package/@generated/gql.ts

@@ -82,7 +82,7 @@ const documents = {
     types.ClientSearchSuggestionsQueryDocument,
   '\n  query ClientTopSearchSuggestionsQuery(\n    $term: String!\n    $selectedFacets: [IStoreSelectedFacet!]\n  ) {\n    ...ClientTopSearchSuggestions\n    search(first: 5, term: $term, selectedFacets: $selectedFacets) {\n      suggestions {\n        terms {\n          value\n        }\n      }\n    }\n  }\n':
     types.ClientTopSearchSuggestionsQueryDocument,
-  '\n  mutation ValidateSession($session: IStoreSession!, $search: String!) {\n    validateSession(session: $session, search: $search) {\n      locale\n      channel\n      country\n      addressType\n      postalCode\n      city\n      deliveryMode {\n        deliveryChannel\n        deliveryMethod\n        deliveryWindow {\n          startDate\n          endDate\n        }\n      }\n      geoCoordinates {\n        latitude\n        longitude\n      }\n      currency {\n        code\n        symbol\n      }\n      person {\n        id\n        email\n        givenName\n        familyName\n      }\n      b2b {\n        customerId\n        isRepresentative\n        unitName\n        unitId\n        firstName\n        lastName\n        userName\n        userEmail\n        savedPostalCode\n      }\n      marketingData {\n        utmCampaign\n        utmMedium\n        utmSource\n        utmiCampaign\n        utmiPage\n        utmiPart\n      }\n    }\n  }\n':
+  '\n  mutation ValidateSession($session: IStoreSession!, $search: String!) {\n    validateSession(session: $session, search: $search) {\n      locale\n      channel\n      country\n      addressType\n      postalCode\n      city\n      deliveryMode {\n        deliveryChannel\n        deliveryMethod\n        deliveryWindow {\n          startDate\n          endDate\n        }\n      }\n      geoCoordinates {\n        latitude\n        longitude\n      }\n      currency {\n        code\n        symbol\n      }\n      person {\n        id\n        email\n        givenName\n        familyName\n      }\n      b2b {\n        customerId\n        isRepresentative\n        unitName\n        unitId\n        firstName\n        lastName\n        userName\n        userEmail\n        savedPostalCode\n      }\n      marketingData {\n        utmCampaign\n        utmMedium\n        utmSource\n        utmiCampaign\n        utmiPage\n        utmiPart\n      }\n      refreshAfter\n    }\n  }\n':
     types.ValidateSessionDocument,
   '\n  query ClientShippingSimulationQuery(\n    $postalCode: String!\n    $country: String!\n    $items: [IShippingItem!]!\n  ) {\n    ...ClientShippingSimulation\n    shipping(items: $items, postalCode: $postalCode, country: $country) {\n      logisticsInfo {\n        slas {\n          carrier\n          price\n          availableDeliveryWindows {\n            startDateUtc\n            endDateUtc\n            price\n            listPrice\n          }\n          shippingEstimate\n          localizedEstimates\n          deliveryChannel\n        }\n      }\n      address {\n        city\n        neighborhood\n        state\n      }\n    }\n  }\n':
     types.ClientShippingSimulationQueryDocument,
@@ -304,7 +304,7 @@ export function gql(
  * The gql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
 export function gql(
-  source: '\n  mutation ValidateSession($session: IStoreSession!, $search: String!) {\n    validateSession(session: $session, search: $search) {\n      locale\n      channel\n      country\n      addressType\n      postalCode\n      city\n      deliveryMode {\n        deliveryChannel\n        deliveryMethod\n        deliveryWindow {\n          startDate\n          endDate\n        }\n      }\n      geoCoordinates {\n        latitude\n        longitude\n      }\n      currency {\n        code\n        symbol\n      }\n      person {\n        id\n        email\n        givenName\n        familyName\n      }\n      b2b {\n        customerId\n        isRepresentative\n        unitName\n        unitId\n        firstName\n        lastName\n        userName\n        userEmail\n        savedPostalCode\n      }\n      marketingData {\n        utmCampaign\n        utmMedium\n        utmSource\n        utmiCampaign\n        utmiPage\n        utmiPart\n      }\n    }\n  }\n'
+  source: '\n  mutation ValidateSession($session: IStoreSession!, $search: String!) {\n    validateSession(session: $session, search: $search) {\n      locale\n      channel\n      country\n      addressType\n      postalCode\n      city\n      deliveryMode {\n        deliveryChannel\n        deliveryMethod\n        deliveryWindow {\n          startDate\n          endDate\n        }\n      }\n      geoCoordinates {\n        latitude\n        longitude\n      }\n      currency {\n        code\n        symbol\n      }\n      person {\n        id\n        email\n        givenName\n        familyName\n      }\n      b2b {\n        customerId\n        isRepresentative\n        unitName\n        unitId\n        firstName\n        lastName\n        userName\n        userEmail\n        savedPostalCode\n      }\n      marketingData {\n        utmCampaign\n        utmMedium\n        utmSource\n        utmiCampaign\n        utmiPage\n        utmiPart\n      }\n      refreshAfter\n    }\n  }\n'
 ): typeof import('./graphql').ValidateSessionDocument
 /**
  * The gql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.

package/@generated/graphql.ts

@@ -571,6 +571,8 @@ export type IStoreSession = {
   person: InputMaybe<IStorePerson>
   /** Session input postal code. */
   postalCode: InputMaybe<Scalars['String']['input']>
+  /** Refresh token after Information. */
+  refreshAfter: InputMaybe<Scalars['String']['input']>
 }
 
 /** Input to the cancel order API. */
@@ -1543,6 +1545,8 @@ export type StoreSession = {
   person: Maybe<StorePerson>
   /** Session postal code. */
   postalCode: Maybe<Scalars['String']['output']>
+  /** Refresh token after Information. */
+  refreshAfter: Maybe<Scalars['String']['output']>
 }
 
 /** Product search results sorting options. */
@@ -3372,6 +3376,7 @@ export type ValidateSessionMutation = {
     addressType: string | null
     postalCode: string | null
     city: string | null
+    refreshAfter: string | null
     deliveryMode: {
       deliveryChannel: string
       deliveryMethod: string
@@ -4166,7 +4171,7 @@ export const ClientTopSearchSuggestionsQueryDocument = {
 export const ValidateSessionDocument = {
   __meta__: {
     operationName: 'ValidateSession',
-    operationHash: '259dd10b1c65ce4b20c9181feb7bec85ecb402e6',
+    operationHash: '5da2700f5a69ee8835b1cb6c69e14f4b6e12c4df',
   },
 } as unknown as TypedDocumentString<
   ValidateSessionMutation,

package/@generated/persisted-documents.json

@@ -21,7 +21,7 @@
   "34ea14c0d4a57ddf9bc11e4be0cd2b5a6506d3d4": "query ClientProfileQuery($id: String!) { profile(id: $id) { addresses { city country geoCoordinate postalCode } } }",
   "b548281d477a173be7b6960434604d69769a97e7": "fragment ClientSearchSuggestions on Query { search(first: 5, term: $term, selectedFacets: $selectedFacets) { suggestions { terms { value } } } } fragment ProductSummary_product on StoreProduct { additionalProperty { name propertyID value valueReference } advertisement { adId adResponseId } brand { brandName: name } brand { name } gtin image { alternateName url } isVariantOf { name productGroupID skuVariants { activeVariations allVariantsByName availableVariations slugsMap } } name offers { lowPrice lowPriceWithTaxes offers { availability listPrice listPriceWithTaxes price priceWithTaxes quantity seller { identifier } } } id: productID sku slug unitMultiplier } fragment SearchEvent_metadata on SearchMetadata { fuzzy isTermMisspelled logicalOperator } query ClientSearchSuggestionsQuery($selectedFacets: [IStoreSelectedFacet!], $term: String!) { search(first: 5, term: $term, selectedFacets: $selectedFacets) { metadata { ...SearchEvent_metadata } products { pageInfo { totalCount } } suggestions { products { ...ProductSummary_product } terms { value } } } ...ClientSearchSuggestions }",
   "e2385b0f11726d0068f96548f57a8dd441c064e3": "fragment ClientTopSearchSuggestions on Query { search(first: 5, term: $term, selectedFacets: $selectedFacets) { suggestions { terms { value } } } } query ClientTopSearchSuggestionsQuery($selectedFacets: [IStoreSelectedFacet!], $term: String!) { search(first: 5, term: $term, selectedFacets: $selectedFacets) { suggestions { terms { value } } } ...ClientTopSearchSuggestions }",
-  "259dd10b1c65ce4b20c9181feb7bec85ecb402e6": "mutation ValidateSession($search: String!, $session: IStoreSession!) { validateSession(session: $session, search: $search) { addressType b2b { customerId firstName isRepresentative lastName savedPostalCode unitId unitName userEmail userName } channel city country currency { code symbol } deliveryMode { deliveryChannel deliveryMethod deliveryWindow { endDate startDate } } geoCoordinates { latitude longitude } locale marketingData { utmCampaign utmMedium utmSource utmiCampaign utmiPage utmiPart } person { email familyName givenName id } postalCode } }",
+  "5da2700f5a69ee8835b1cb6c69e14f4b6e12c4df": "mutation ValidateSession($search: String!, $session: IStoreSession!) { validateSession(session: $session, search: $search) { addressType b2b { customerId firstName isRepresentative lastName savedPostalCode unitId unitName userEmail userName } channel city country currency { code symbol } deliveryMode { deliveryChannel deliveryMethod deliveryWindow { endDate startDate } } geoCoordinates { latitude longitude } locale marketingData { utmCampaign utmMedium utmSource utmiCampaign utmiPage utmiPart } person { email familyName givenName id } postalCode refreshAfter } }",
   "c35bad22f67f3eb34fea52bb49efa6b1da6b728d": "fragment ClientShippingSimulation on Query { shipping(items: $items, postalCode: $postalCode, country: $country) { address { city } } } query ClientShippingSimulationQuery($country: String!, $items: [IShippingItem!]!, $postalCode: String!) { shipping(items: $items, postalCode: $postalCode, country: $country) { address { city neighborhood state } logisticsInfo { slas { availableDeliveryWindows { endDateUtc listPrice price startDateUtc } carrier deliveryChannel localizedEstimates price shippingEstimate } } } ...ClientShippingSimulation }",
   "5c2181dde311ca80b72e0cc76ac0855d8aa8b51e": "fragment ClientManyProducts on Query { search( first: $first after: $after sort: $sort term: $term selectedFacets: $selectedFacets sponsoredCount: $sponsoredCount ) { products { pageInfo { totalCount } } } } fragment ProductSummary_product on StoreProduct { additionalProperty { name propertyID value valueReference } advertisement { adId adResponseId } brand { brandName: name } brand { name } gtin image { alternateName url } isVariantOf { name productGroupID skuVariants { activeVariations allVariantsByName availableVariations slugsMap } } name offers { lowPrice lowPriceWithTaxes offers { availability listPrice listPriceWithTaxes price priceWithTaxes quantity seller { identifier } } } id: productID sku slug unitMultiplier } fragment SearchEvent_metadata on SearchMetadata { fuzzy isTermMisspelled logicalOperator } query ServerManyProductsQuery($after: String, $first: Int!, $selectedFacets: [IStoreSelectedFacet!]!, $sort: StoreSort!, $sponsoredCount: Int, $term: String!) { search( first: $first after: $after sort: $sort term: $term selectedFacets: $selectedFacets sponsoredCount: $sponsoredCount ) { metadata { ...SearchEvent_metadata } products { edges { node { ...ProductSummary_product } } pageInfo { totalCount } } } ...ClientManyProducts }"
 }

package/@generated/schema.graphql

@@ -1207,6 +1207,8 @@ type StoreSession {
   b2b: StoreB2B
   """Marketing information."""
   marketingData: StoreMarketingData
+  """Refresh token after Information."""
+  refreshAfter: String
 }
 
 type StoreB2B {
@@ -1259,6 +1261,8 @@ input IStoreSession {
   b2b: IStoreB2B
   """Marketing information input."""
   marketingData: IStoreMarketingData
+  """Refresh token after Information."""
+  refreshAfter: String
 }
 
 """Shipping Simulation item input."""

package/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.72.0](https://github.com/vtex/faststore/compare/v3.71.0...v3.72.0) (2025-08-05)
+
+### Features
+
+- refresh token - SFS-2462 ([#2936](https://github.com/vtex/faststore/issues/2936)) ([0fc856f](https://github.com/vtex/faststore/commit/0fc856f46ffe800debccd90078564e9ff524e727)), closes [#1](https://github.com/vtex/faststore/issues/1) [#2](https://github.com/vtex/faststore/issues/2)
+
 # [3.71.0](https://github.com/vtex/faststore/compare/v3.70.2...v3.71.0) (2025-08-05)
 
 ### Features

package/discovery.config.default.js

@@ -66,6 +66,7 @@ module.exports = {
       utmiPart: '',
       utmiPage: '',
     },
+    refreshAfter: null, // timestamp in seconds e.g. '1743042990'
   },
 
   // Default cart
@@ -150,5 +151,6 @@ module.exports = {
       maxAge: 0, // 0 disables cache, 5 * 60 enable cache control maxAge 5 minutes
       staleWhileRevalidate: 60,
     },
+    refreshToken: false,
   },
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@faststore/core",
-  "version": "3.71.0",
+  "version": "3.72.0",
   "license": "MIT",
   "repository": "vtex/faststore",
   "browserslist": "supports es6-module and not dead",
@@ -44,10 +44,10 @@
     "@envelop/graphql-jit": "^8.0.3",
     "@envelop/parser-cache": "^6.0.2",
     "@envelop/validation-cache": "^6.0.2",
-    "@faststore/api": "^3.71.0",
+    "@faststore/api": "^3.72.0",
     "@faststore/graphql-utils": "^3.56.1",
     "@faststore/lighthouse": "^3.56.1",
-    "@faststore/sdk": "^3.68.0",
+    "@faststore/sdk": "^3.72.0",
     "@faststore/ui": "^3.70.2",
     "@graphql-codegen/cli": "5.0.2",
     "@graphql-codegen/client-preset": "4.2.6",
@@ -72,6 +72,7 @@
     "fs-extra": "^10.1.0",
     "graphql": "^15.6.0",
     "include-media": "^1.4.10",
+    "isomorphic-unfetch": "^3.1.0",
     "next": "^13.5.9",
     "next-seo": "^6.6.0",
     "postcss": "^8.4.4",
@@ -107,5 +108,5 @@
     "ts-jest": "29.1.1",
     "typescript": "5.3.2"
   },
-  "gitHead": "b7c679e5d2795a867964017fdbb2b08eaec20e09"
+  "gitHead": "716cd3fd6d6bfd6ec1f857ce6f3829669de2fe6c"
 }

package/src/pages/api/graphql.ts

@@ -1,11 +1,13 @@
 import {
   BadRequestError,
+  UnauthorizedError,
   isFastStoreError,
   stringifyCacheControl,
 } from '@faststore/api'
 import type { NextApiHandler, NextApiRequest } from 'next'
 
 import discoveryConfig from 'discovery.config'
+import { getJWTAutCookie, isExpired } from 'src/utils/getCookie'
 import { execute } from '../../server'
 
 const ONE_MINUTE = 60
@@ -75,6 +77,54 @@ const handler: NextApiHandler = async (request, response) => {
   try {
     const { operation, variables, query } = parseRequest(request)
 
+    if (
+      operation.__meta__.operationName === 'ValidateSession' &&
+      discoveryConfig.experimental?.refreshToken
+    ) {
+      const jwt = getJWTAutCookie({
+        headers: request.headers,
+        account: discoveryConfig.api.storeId,
+      })
+
+      const tokenExpired = Boolean(jwt && isExpired(Number(jwt?.exp)))
+
+      const refreshAfterExist = !!variables?.session?.refreshAfter
+
+      const refreshAfterExpired =
+        refreshAfterExist && isExpired(Number(variables.session.refreshAfter))
+
+      const tokenExistAndIsFirstRefreshTokenRequest =
+        !!jwt && !refreshAfterExist
+
+      // when token expired, browser clears the cookie, but we still have the refreshAfter in session and the refresh token cookie
+      const tokenNotExistAndRefreshAfterExistAndIsExpired =
+        !jwt && !!refreshAfterExist && refreshAfterExpired
+
+      const tokenExpiredAndRefreshAfterIsNullOrExpired =
+        tokenExpired && (!refreshAfterExist || refreshAfterExpired)
+
+      const shouldRefreshToken =
+        tokenExistAndIsFirstRefreshTokenRequest ||
+        tokenNotExistAndRefreshAfterExistAndIsExpired ||
+        tokenExpiredAndRefreshAfterIsNullOrExpired
+
+      if (shouldRefreshToken) {
+        throw new UnauthorizedError(
+          'Unauthorized: Token expired. Please login again or refresh the page.'
+        )
+      }
+    }
+
+    // Prevents to call ValidateSession or ValidateCartMutation without session (required) and get GraphQLError
+    const doNotRun =
+      (operation.__meta__.operationName === 'ValidateSession' ||
+        operation.__meta__.operationName === 'ValidateCartMutation') &&
+      !variables?.session
+
+    if (doNotRun) {
+      return
+    }
+
     const { data, errors, extensions } = await execute(
       {
         operation,
@@ -138,7 +188,13 @@ const handler: NextApiHandler = async (request, response) => {
       return
     }
 
+    if (err instanceof UnauthorizedError) {
+      response.status(401).end()
+      return
+    }
+
     response.status(500).end()
+    return
   }
 }
 

package/src/sdk/graphql/request.ts

@@ -81,5 +81,18 @@ const baseRequest = async <V = any, D = any>(
     },
   })
 
+  if (!response.ok) {
+    const statusText = response.statusText
+    return {
+      errors: [
+        {
+          status: response.status,
+          message: statusText,
+        },
+      ],
+      data: undefined,
+    } as GraphQLResponse<D>
+  }
+
   return response.json()
 }

package/src/sdk/session/index.ts

@@ -1,5 +1,6 @@
 import type { Session } from '@faststore/sdk'
 import { createSessionStore } from '@faststore/sdk'
+import fetch from 'isomorphic-unfetch'
 import { useMemo } from 'react'
 
 import { gql } from '@generated'
@@ -7,12 +8,16 @@ import type {
   ValidateSessionMutation,
   ValidateSessionMutationVariables,
 } from '@generated/graphql'
+import discoveryConfig from 'discovery.config'
+import { sanitizeHost } from 'src/utils/utilities'
 import storeConfig from '../../../discovery.config'
 import { cartStore } from '../cart'
 import { request } from '../graphql/request'
 import { getSavedAddress } from '../profile'
 import { createValidationStore, useStore } from '../useStore'
 
+const REFRESH_TOKEN_URL = `${discoveryConfig.storeUrl}/api/vtexid/refreshtoken/webstore`
+
 export const mutation = gql(`
   mutation ValidateSession($session: IStoreSession!, $search: String!) {
     validateSession(session: $session, search: $search) {
@@ -63,6 +68,7 @@ export const mutation = gql(`
         utmiPage
         utmiPart
       }
+      refreshAfter
     }
   }
 `)
@@ -107,12 +113,54 @@ export const validateSession = async (session: Session) => {
     }
   }
 
-  const data = await request<
-    ValidateSessionMutation,
-    ValidateSessionMutationVariables
-  >(mutation, { session, search: window.location.search })
+  try {
+    // Prevents to call ValidateSession without session (required) and get Error
+    if (!session) {
+      return null
+    }
+
+    const data = await request<
+      ValidateSessionMutation,
+      ValidateSessionMutationVariables
+    >(mutation, { session, search: window.location.search })
+
+    return data.validateSession
+  } catch (error) {
+    const shouldRefreshToken =
+      error?.status === 401 && storeConfig.experimental?.refreshToken
+
+    if (shouldRefreshToken) {
+      const headers: HeadersInit = {
+        'content-type': 'application/json',
+        Host: `${sanitizeHost(discoveryConfig.storeUrl)}`,
+      }
+
+      const result = await fetchWithRetry(REFRESH_TOKEN_URL, {
+        credentials: 'include',
+        headers,
+        body: JSON.stringify({}),
+        method: 'POST',
+      })
+
+      if (result?.status?.toLowerCase?.() === 'success') {
+        const refreshAfter = String(
+          Math.floor(new Date(result?.refreshAfter).getTime() / 1000)
+        )
 
-  return data.validateSession
+        sessionStore.set({
+          ...session,
+          refreshAfter,
+        })
+      } else {
+        // If the refresh token fails 3x, set the refreshAfter to now + 1 hour
+        // so that we can postpone refreshToken request and continue the ValidateSession request
+        sessionStore.set({
+          ...session,
+          refreshAfter: String(Math.floor(Date.now() / 1000) + 1 * 60 * 60), // now + 1 hour
+        })
+      }
+    }
+  }
 }
 
 const [validationStore, onValidate] = createValidationStore(validateSession)
@@ -145,8 +193,10 @@ interface SessionOptions {
  */
 
 export const useSession = ({ filter }: SessionOptions = { filter: true }) => {
-  let { channel, ...session } = useStore(sessionStore)
+  const currentSessionStore = sessionStore.read() ?? sessionStore.readInitial()
+  const resultSessionStore = useStore(sessionStore)
   const isValidating = useStore(validationStore)
+  let { channel, ...session } = resultSessionStore ?? currentSessionStore
 
   if (filter) {
     const { hasOnlyDefaultSalesChannel, ...filteredChannel } =
@@ -163,3 +213,23 @@ export const useSession = ({ filter }: SessionOptions = { filter: true }) => {
     [isValidating, session, channel]
   )
 }
+
+async function fetchWithRetry(
+  url: RequestInfo | URL,
+  init?: RequestInit,
+  maxRetries = 3
+) {
+  for (let i = 0; i < maxRetries; i++) {
+    try {
+      const res = await fetch(url, init)
+      if (res.status !== 200) continue
+
+      const data = await res.json()
+      if (data.status?.toLowerCase?.() === 'success') {
+        return data
+      }
+    } catch {}
+  }
+
+  return
+}

package/src/utils/getCookie.ts

@@ -1,3 +1,13 @@
+import { parse } from 'cookie'
+import type { NextApiRequest } from 'next/types'
+
+type Params = {
+  headers?: Record<string, string> | NextApiRequest['headers']
+  account: string
+}
+
+const MILLISECONDS_PER_SECOND = 1000
+
 export function getCookie(name: string): string | undefined {
   const cookieString = decodeURIComponent(document.cookie)
   const cookies = cookieString.split(';')
@@ -19,3 +29,15 @@ export function parseJwt(token: string) {
   }
   return JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString())
 }
+
+export function getJWTAutCookie({ headers, account }: Params) {
+  const authCookie = parse(headers?.cookie ?? '')?.[
+    'VtexIdclientAutCookie_' + account
+  ]
+  return parseJwt(authCookie)
+}
+
+export function isExpired(exp: number): boolean {
+  const now = Math.floor(Date.now() / MILLISECONDS_PER_SECOND)
+  return now > exp
+}