@microcosmmoney/auth-core 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/client.js +5 -2
  2. package/dist/token-manager.js +3 -1
  3. package/package.json +1 -1
package/dist/client.js CHANGED
@@ -62,7 +62,8 @@ class MicrocosmAuthClient {
62
62
  throw new Error('Missing authorization code');
63
63
  }
64
64
  const savedState = this.storage.get(storage_1.STORAGE_KEYS.OAUTH_STATE);
65
- if (state && savedState && state !== savedState) {
65
+ if (!state || !savedState || state !== savedState) {
66
+ this.storage.remove(storage_1.STORAGE_KEYS.OAUTH_STATE);
66
67
  throw new Error('Invalid state parameter (possible CSRF)');
67
68
  }
68
69
  this.storage.remove(storage_1.STORAGE_KEYS.OAUTH_STATE);
@@ -77,10 +78,12 @@ class MicrocosmAuthClient {
77
78
  throw new Error(errorData.error_description || errorData.error || 'Token exchange failed');
78
79
  }
79
80
  const tokenData = await tokenResponse.json();
81
+ const MAX_EXPIRY = 86400;
82
+ const expiresIn = Math.min(Math.max(Number(tokenData.expires_in) || 3600, 60), MAX_EXPIRY);
80
83
  const tokens = {
81
84
  accessToken: tokenData.access_token,
82
85
  refreshToken: tokenData.refresh_token,
83
- expiresAt: Date.now() + (tokenData.expires_in || 3600) * 1000,
86
+ expiresAt: Date.now() + expiresIn * 1000,
84
87
  };
85
88
  this.tokenManager.setTokens(tokens);
86
89
  const user = await this.fetchUserProfile(tokens.accessToken);
package/dist/token-manager.js CHANGED
@@ -97,10 +97,12 @@ class TokenManager {
97
97
  this.clear();
98
98
  return null;
99
99
  }
100
+ const MAX_EXPIRY = 86400;
101
+ const expiresIn = Math.min(Math.max(Number(data.expires_in) || 3600, 60), MAX_EXPIRY);
100
102
  this.setTokens({
101
103
  accessToken: data.access_token,
102
104
  refreshToken: data.refresh_token || refreshToken,
103
- expiresAt: Date.now() + (data.expires_in || 3600) * 1000,
105
+ expiresAt: Date.now() + expiresIn * 1000,
104
106
  });
105
107
  return data.access_token;
106
108
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@microcosmmoney/auth-core",
3
- "version": "1.1.0",
3
+ "version": "1.2.0",
4
4
  "description": "Microcosm OAuth 2.0 authentication core library",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",