@spidy092/auth-client 1.1.0 → 2.0.1

package/core.js

@@ -214,31 +214,55 @@ export function resetCallbackState() {
   console.log('🔄 Callback state reset');
 }
 
+// auth-client/core.js
 export async function refreshToken() {
   const { clientKey, authBaseUrl } = getConfig();
-  
-  console.log('🔄 Refreshing token:', { 
-    clientKey, 
-    mode: isRouterMode() ? 'ROUTER' : 'CLIENT' 
+  const refreshTokenValue = getRefreshToken(); // ✅ Now checks both cookie & localStorage
+
+  console.log('🔄 Refreshing token:', {
+    clientKey,
+    mode: isRouterMode() ? 'ROUTER' : 'CLIENT',
+    hasRefreshToken: !!refreshTokenValue
   });
-  
+
+  if (!refreshTokenValue) {
+    console.warn('⚠️ No refresh token available for refresh');
+    clearToken();
+    throw new Error('No refresh token available');
+  }
+
   try {
     const response = await fetch(`${authBaseUrl}/refresh/${clientKey}`, {
       method: 'POST',
-      credentials: 'include',
+      credentials: 'include', // ✅ Sends cookie if available
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Refresh-Token': refreshTokenValue // ✅ Also send in header as fallback
+      },
+      body: JSON.stringify({
+        refreshToken: refreshTokenValue // ✅ Also send in body
+      })
     });
 
     if (!response.ok) {
       throw new Error('Refresh failed');
     }
 
-    const { access_token } = await response.json();
-    // ✅ This will trigger token listeners
+    const { access_token, refresh_token: new_refresh_token } = await response.json();
+
+    // ✅ Update access token (triggers listeners)
     setToken(access_token);
+
+    // ✅ Update refresh token in BOTH storages if backend returned new one
+    if (new_refresh_token) {
+      setRefreshToken(new_refresh_token);
+    }
+
     console.log('✅ Token refresh successful, listeners notified');
     return access_token;
   } catch (err) {
-    // ✅ This will trigger token listeners
+    console.error('❌ Token refresh failed:', err);
+    // ✅ Clear everything on refresh failure
     clearToken();
     clearRefreshToken();
     throw err;
@@ -246,6 +270,7 @@ export async function refreshToken() {
 }
 
 
+
 export async function validateCurrentSession() {
   try {
     const { authBaseUrl } = getConfig();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spidy092/auth-client",
-  "version": "1.1.0",
+  "version": "2.0.1",
   "description": "Scalable frontend auth SDK for centralized login using Keycloak + Auth Service.",
   "main": "index.js",
   "module": "index.js",

package/token.js

@@ -1,4 +1,5 @@
-// auth-client/token.js
+// auth-client/token.js - CORRECTED VERSION
+
 import { jwtDecode } from 'jwt-decode';
 
 let accessToken = null;
@@ -17,6 +18,7 @@ function secureAttribute() {
   }
 }
 
+// ========== ACCESS TOKEN (localStorage - keeps working) ==========
 function writeAccessToken(token) {
   if (!token) {
     try {
@@ -43,6 +45,80 @@ function readAccessToken() {
   }
 }
 
+// ========== REFRESH TOKEN (Cookie + sessionStorage - REVERTED) ==========
+
+export function setRefreshToken(token) {
+  if (!token) {
+    clearRefreshToken();
+    return;
+  }
+
+  const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);
+  
+  // ✅ REVERT: Use SameSite=Lax (NOT Strict) for SSO to work
+  try {
+    document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Lax${secureAttribute()}; Expires=${expires.toUTCString()}`;
+    console.log('✅ Refresh token cookie set (SameSite=Lax for SSO)');
+  } catch (err) {
+    console.warn('Could not persist refresh token cookie:', err);
+  }
+
+  // ✅ REVERT: Keep sessionStorage (NOT localStorage) as fallback
+  try {
+    sessionStorage.setItem(REFRESH_COOKIE, token);
+    console.log('✅ Refresh token sessionStorage backup set');
+  } catch (err) {
+    console.warn('Could not persist refresh token to sessionStorage:', err);
+  }
+}
+
+export function getRefreshToken() {
+  // Prefer cookie to align with server expectations
+  let cookieMatch = null;
+  try {
+    cookieMatch = document.cookie
+      ?.split('; ')
+      ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));
+  } catch (err) {
+    cookieMatch = null;
+  }
+
+  if (cookieMatch) {
+    console.log('✅ Retrieved refresh token from cookie');
+    return decodeURIComponent(cookieMatch.split('=')[1]);
+  }
+
+  // ✅ REVERT: Fallback to sessionStorage (NOT localStorage)
+  try {
+    const token = sessionStorage.getItem(REFRESH_COOKIE);
+    if (token) {
+      console.log('✅ Retrieved refresh token from sessionStorage (fallback)');
+    }
+    return token;
+  } catch (err) {
+    console.warn('Could not read refresh token from sessionStorage:', err);
+    return null;
+  }
+}
+
+export function clearRefreshToken() {
+  // ✅ REVERT: Clear with SameSite=Lax
+  try {
+    document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Lax${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+  } catch (err) {
+    console.warn('Could not clear refresh token cookie:', err);
+  }
+
+  // ✅ REVERT: Clear sessionStorage (NOT localStorage)
+  try {
+    sessionStorage.removeItem(REFRESH_COOKIE);
+  } catch (err) {
+    console.warn('Could not clear refresh token from sessionStorage:', err);
+  }
+}
+
+// ========== ACCESS TOKEN FUNCTIONS (unchanged) ==========
+
 function decode(token) {
   try {
     return jwtDecode(token);
@@ -102,63 +178,6 @@ export function clearToken() {
   });
 }
 
-export function setRefreshToken(token) {
-  if (!token) {
-    clearRefreshToken();
-    return;
-  }
-
-  const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);
-  try {
-    document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Strict${secureAttribute()}; Expires=${expires.toUTCString()}`;
-  } catch (err) {
-    console.warn('Could not persist refresh token cookie:', err);
-  }
-
-  try {
-    sessionStorage.setItem(REFRESH_COOKIE, token);
-  } catch (err) {
-    console.warn('Could not persist refresh token to sessionStorage:', err);
-  }
-}
-
-export function getRefreshToken() {
-  // Prefer cookie to align with server expectations
-  let cookieMatch = null;
-
-  try {
-    cookieMatch = document.cookie
-      ?.split('; ')
-      ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));
-  } catch (err) {
-    cookieMatch = null;
-  }
-
-  if (cookieMatch) {
-    return decodeURIComponent(cookieMatch.split('=')[1]);
-  }
-
-  try {
-    return sessionStorage.getItem(REFRESH_COOKIE);
-  } catch (err) {
-    console.warn('Could not read refresh token from sessionStorage:', err);
-    return null;
-  }
-}
-
-export function clearRefreshToken() {
-  try {
-    document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Strict${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
-  } catch (err) {
-    console.warn('Could not clear refresh token cookie:', err);
-  }
-  try {
-    sessionStorage.removeItem(REFRESH_COOKIE);
-  } catch (err) {
-    console.warn('Could not clear refresh token from sessionStorage:', err);
-  }
-}
-
 export function addTokenListener(listener) {
   if (typeof listener !== 'function') {
     throw new Error('Token listener must be a function');
@@ -182,3 +201,189 @@ export function isAuthenticated() {
   return !!token && !isExpired(token, 15);
 }
 
+
+
+// // auth-client/token.js
+// import { jwtDecode } from 'jwt-decode';
+
+// let accessToken = null;
+// const listeners = new Set();
+
+// const REFRESH_COOKIE = 'account_refresh_token';
+// const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; // 7 days in seconds
+
+// function secureAttribute() {
+//   try {
+//     return typeof window !== 'undefined' && window.location?.protocol === 'https:'
+//       ? '; Secure'
+//       : '';
+//   } catch (err) {
+//     return '';
+//   }
+// }
+
+// function writeAccessToken(token) {
+//   if (!token) {
+//     try {
+//       localStorage.removeItem('authToken');
+//     } catch (err) {
+//       console.warn('Could not clear token from localStorage:', err);
+//     }
+//     return;
+//   }
+
+//   try {
+//     localStorage.setItem('authToken', token);
+//   } catch (err) {
+//     console.warn('Could not persist token to localStorage:', err);
+//   }
+// }
+
+// function readAccessToken() {
+//   try {
+//     return localStorage.getItem('authToken');
+//   } catch (err) {
+//     console.warn('Could not read token from localStorage:', err);
+//     return null;
+//   }
+// }
+
+// function decode(token) {
+//   try {
+//     return jwtDecode(token);
+//   } catch (err) {
+//     return null;
+//   }
+// }
+
+// function isExpired(token, bufferSeconds = 60) {
+//   if (!token) return true;
+//   const decoded = decode(token);
+//   if (!decoded?.exp) return true;
+//   const now = Date.now() / 1000;
+//   return decoded.exp < now + bufferSeconds;
+// }
+
+// export function setToken(token) {
+//   const previousToken = accessToken;
+//   accessToken = token || null;
+//   writeAccessToken(accessToken);
+
+//   if (previousToken !== accessToken) {
+//     listeners.forEach((listener) => {
+//       try {
+//         listener(accessToken, previousToken);
+//       } catch (err) {
+//         console.warn('Token listener error:', err);
+//       }
+//     });
+//   }
+// }
+
+// export function getToken() {
+//   if (accessToken) return accessToken;
+//   accessToken = readAccessToken();
+//   return accessToken;
+// }
+
+// export function clearToken() {
+//   if (!accessToken) {
+//     writeAccessToken(null);
+//     clearRefreshToken();
+//     return;
+//   }
+
+//   const previousToken = accessToken;
+//   accessToken = null;
+//   writeAccessToken(null);
+//   clearRefreshToken();
+
+//   listeners.forEach((listener) => {
+//     try {
+//       listener(null, previousToken);
+//     } catch (err) {
+//       console.warn('Token listener error:', err);
+//     }
+//   });
+// }
+
+// export function setRefreshToken(token) {
+//   if (!token) {
+//     clearRefreshToken();
+//     return;
+//   }
+
+//   const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);
+//   try {
+//     document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Strict${secureAttribute()}; Expires=${expires.toUTCString()}`;
+//   } catch (err) {
+//     console.warn('Could not persist refresh token cookie:', err);
+//   }
+
+//   try {
+//     sessionStorage.setItem(REFRESH_COOKIE, token);
+//   } catch (err) {
+//     console.warn('Could not persist refresh token to sessionStorage:', err);
+//   }
+// }
+
+// export function getRefreshToken() {
+//   // Prefer cookie to align with server expectations
+//   let cookieMatch = null;
+
+//   try {
+//     cookieMatch = document.cookie
+//       ?.split('; ')
+//       ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));
+//   } catch (err) {
+//     cookieMatch = null;
+//   }
+
+//   if (cookieMatch) {
+//     return decodeURIComponent(cookieMatch.split('=')[1]);
+//   }
+
+//   try {
+//     return sessionStorage.getItem(REFRESH_COOKIE);
+//   } catch (err) {
+//     console.warn('Could not read refresh token from sessionStorage:', err);
+//     return null;
+//   }
+// }
+
+// export function clearRefreshToken() {
+//   try {
+//     document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Strict${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+//   } catch (err) {
+//     console.warn('Could not clear refresh token cookie:', err);
+//   }
+//   try {
+//     sessionStorage.removeItem(REFRESH_COOKIE);
+//   } catch (err) {
+//     console.warn('Could not clear refresh token from sessionStorage:', err);
+//   }
+// }
+
+// export function addTokenListener(listener) {
+//   if (typeof listener !== 'function') {
+//     throw new Error('Token listener must be a function');
+//   }
+//   listeners.add(listener);
+//   return () => {
+//     listeners.delete(listener);
+//   };
+// }
+
+// export function removeTokenListener(listener) {
+//   listeners.delete(listener);
+// }
+
+// export function getListenerCount() {
+//   return listeners.size;
+// }
+
+// export function isAuthenticated() {
+//   const token = getToken();
+//   return !!token && !isExpired(token, 15);
+// }
+