@spidy092/auth-client 2.0.0 → 2.0.2

package/core.js

@@ -40,6 +40,16 @@ export function login(clientKeyArg, redirectUriArg) {
   sessionStorage.setItem('originalApp', clientKey);
   sessionStorage.setItem('returnUrl', redirectUri);
 
+    try {
+    const hasValidSession = await checkExistingTokens();
+    if (hasValidSession) {
+      console.log('✅ Valid session found, skipping login redirect');
+      return getToken();
+    }
+  } catch (err) {
+    console.log('⚠️ No valid session, proceeding with login flow');
+  }
+
   // ✅ Smart Router Logic
   if (isRouterMode()) {
     // Router mode: Direct backend authentication
@@ -64,6 +74,72 @@ function routerLogin(clientKey, redirectUri) {
   window.location.href = backendLoginUrl;
 }
 
+
+async function checkExistingTokens() {
+  const token = getToken();
+  const refreshTokenValue = getRefreshToken();
+  
+  console.log('🔍 Checking existing tokens:', {
+    hasAccessToken: !!token,
+    hasRefreshToken: !!refreshTokenValue
+  });
+  
+  // No tokens at all
+  if (!token && !refreshTokenValue) {
+    console.log('❌ No tokens found');
+    return false;
+  }
+  
+  // Have valid access token
+  if (token && !isTokenExpiredLocal(token)) {
+    console.log('✅ Valid access token exists');
+    return true;
+  }
+  
+  // Have refresh token, try to get new access token
+  if (refreshTokenValue) {
+    try {
+      console.log('🔄 Access token expired, attempting refresh...');
+      const newToken = await refreshToken();
+      console.log('✅ Token refreshed successfully');
+      return !!newToken;
+    } catch (err) {
+      console.warn('❌ Token refresh failed:', err);
+      return false;
+    }
+  }
+  
+  return false;
+}
+
+// ✅ NEW HELPER: Check if token is expired
+function isTokenExpiredLocal(token, bufferSeconds = 60) {
+  if (!token) return true;
+  
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) return true;
+    
+    const payload = JSON.parse(atob(parts[1]));
+    
+    if (!payload.exp) return true;
+    
+    const now = Date.now() / 1000;
+    const isExpired = payload.exp < (now + bufferSeconds);
+    
+    console.log('🕐 Token expiry check:', {
+      expiresAt: new Date(payload.exp * 1000).toLocaleString(),
+      now: new Date(now * 1000).toLocaleString(),
+      isExpired
+    });
+    
+    return isExpired;
+  } catch (err) {
+    console.error('❌ Failed to decode token:', err);
+    return true;
+  }
+}
+
 // ✅ Client mode: Centralized login
 function clientLogin(clientKey, redirectUri) {
   const { accountUiUrl } = getConfig();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spidy092/auth-client",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "description": "Scalable frontend auth SDK for centralized login using Keycloak + Auth Service.",
   "main": "index.js",
   "module": "index.js",

package/token.js

@@ -1,5 +1,4 @@
-
-// auth-client/token.js
+// auth-client/token.js - CORRECTED VERSION
 
 import { jwtDecode } from 'jwt-decode';
 
@@ -7,7 +6,6 @@ let accessToken = null;
 const listeners = new Set();
 
 const REFRESH_COOKIE = 'account_refresh_token';
-const REFRESH_STORAGE_KEY = 'refresh_token'; // localStorage key
 const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; // 7 days in seconds
 
 function secureAttribute() {
@@ -20,7 +18,7 @@ function secureAttribute() {
   }
 }
 
-// ========== ACCESS TOKEN (localStorage only) ==========
+// ========== ACCESS TOKEN (localStorage - keeps working) ==========
 function writeAccessToken(token) {
   if (!token) {
     try {
@@ -47,12 +45,8 @@ function readAccessToken() {
   }
 }
 
-// ========== REFRESH TOKEN (localStorage + Cookie dual storage) ==========
+// ========== REFRESH TOKEN (Cookie + sessionStorage - REVERTED) ==========
 
-/**
- * Store refresh token in BOTH localStorage AND cookie
- * Whichever survives (cross-domain, privacy settings) will work
- */
 export function setRefreshToken(token) {
   if (!token) {
     clearRefreshToken();
@@ -60,30 +54,26 @@ export function setRefreshToken(token) {
   }
 
   const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);
-
-  // 1. Try to set cookie (works for same-domain, cross-subdomain)
+  
+  // ✅ REVERT: Use SameSite=Lax (NOT Strict) for SSO to work
   try {
     document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Lax${secureAttribute()}; Expires=${expires.toUTCString()}`;
-    console.log('✅ Refresh token stored in cookie');
+    console.log('✅ Refresh token cookie set (SameSite=Lax for SSO)');
   } catch (err) {
-    console.warn('⚠️ Could not persist refresh token cookie:', err);
+    console.warn('Could not persist refresh token cookie:', err);
   }
 
-  // 2. Also store in localStorage as backup (survives browser privacy settings)
+  // ✅ REVERT: Keep sessionStorage (NOT localStorage) as fallback
   try {
-    localStorage.setItem(REFRESH_STORAGE_KEY, token);
-    console.log('✅ Refresh token stored in localStorage');
+    sessionStorage.setItem(REFRESH_COOKIE, token);
+    console.log('✅ Refresh token sessionStorage backup set');
   } catch (err) {
-    console.warn('⚠️ Could not persist refresh token to localStorage:', err);
+    console.warn('Could not persist refresh token to sessionStorage:', err);
   }
 }
 
-/**
- * Get refresh token from cookie OR localStorage (whichever works)
- * Priority: Cookie > localStorage
- */
 export function getRefreshToken() {
-  // 1. Try cookie first (preferred for httpOnly scenario)
+  // Prefer cookie to align with server expectations
   let cookieMatch = null;
   try {
     cookieMatch = document.cookie
@@ -94,48 +84,57 @@ export function getRefreshToken() {
   }
 
   if (cookieMatch) {
-    const token = decodeURIComponent(cookieMatch.split('=')[1]);
     console.log('✅ Retrieved refresh token from cookie');
-    return token;
+    return decodeURIComponent(cookieMatch.split('=')[1]);
   }
 
-  // 2. Fallback to localStorage
+  // ✅ REVERT: Fallback to sessionStorage (NOT localStorage)
   try {
-    const token = localStorage.getItem(REFRESH_STORAGE_KEY);
+    const token = sessionStorage.getItem(REFRESH_COOKIE);
     if (token) {
-      console.log('✅ Retrieved refresh token from localStorage (fallback)');
-      return token;
+      console.log('✅ Retrieved refresh token from sessionStorage (fallback)');
     }
+    return token;
   } catch (err) {
-    console.warn('⚠️ Could not read refresh token from localStorage:', err);
+    console.warn('Could not read refresh token from sessionStorage:', err);
+    return null;
   }
-
-  console.warn('⚠️ No refresh token found in cookie or localStorage');
-  return null;
 }
 
-/**
- * Clear refresh token from BOTH cookie AND localStorage
- */
 export function clearRefreshToken() {
-  // Clear cookie
+  // ✅ REVERT: Clear with SameSite=Lax
   try {
     document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Lax${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
-    console.log('✅ Cleared refresh token cookie');
   } catch (err) {
-    console.warn('⚠️ Could not clear refresh token cookie:', err);
+    console.warn('Could not clear refresh token cookie:', err);
+  }
+
+  // ✅ REVERT: Clear sessionStorage (NOT localStorage)
+  try {
+    sessionStorage.removeItem(REFRESH_COOKIE);
+  } catch (err) {
+    console.warn('Could not clear refresh token from sessionStorage:', err);
   }
+}
+
+// ========== ACCESS TOKEN FUNCTIONS (unchanged) ==========
 
-  // Clear localStorage
+function decode(token) {
   try {
-    localStorage.removeItem(REFRESH_STORAGE_KEY);
-    console.log('✅ Cleared refresh token from localStorage');
+    return jwtDecode(token);
   } catch (err) {
-    console.warn('⚠️ Could not clear refresh token from localStorage:', err);
+    return null;
   }
 }
 
-// ========== ACCESS TOKEN MANAGEMENT ==========
+function isExpired(token, bufferSeconds = 60) {
+  if (!token) return true;
+  const decoded = decode(token);
+  if (!decoded?.exp) return true;
+  const now = Date.now() / 1000;
+  return decoded.exp < now + bufferSeconds;
+}
+
 export function setToken(token) {
   const previousToken = accessToken;
   accessToken = token || null;
@@ -179,23 +178,6 @@ export function clearToken() {
   });
 }
 
-// ========== HELPER FUNCTIONS ==========
-function decode(token) {
-  try {
-    return jwtDecode(token);
-  } catch (err) {
-    return null;
-  }
-}
-
-function isExpired(token, bufferSeconds = 60) {
-  if (!token) return true;
-  const decoded = decode(token);
-  if (!decoded?.exp) return true;
-  const now = Date.now() / 1000;
-  return decoded.exp < now + bufferSeconds;
-}
-
 export function addTokenListener(listener) {
   if (typeof listener !== 'function') {
     throw new Error('Token listener must be a function');