npm - @spidy092/auth-client - Versions diffs - 2.0.8 → 2.1.1 - Mend

@spidy092/auth-client 2.0.8 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 // auth-client/index.js
 import { setConfig, getConfig, isRouterMode } from './config';
 import { login, logout, handleCallback, refreshToken, resetCallbackState, validateCurrentSession } from './core';
-import { getToken, setToken, clearToken, addTokenListener, removeTokenListener, getListenerCount } from './token';
+import { getToken, setToken, clearToken, setRefreshToken, getRefreshToken, clearRefreshToken, addTokenListener, removeTokenListener, getListenerCount } from './token';
 import api from './api';
 import { decodeToken, isTokenExpired, isAuthenticated } from './utils/jwt';
@@ -23,6 +23,9 @@ export const auth = {
   getToken,
   setToken,
   clearToken,
+  setRefreshToken,     // ✅ Refresh token for HTTP dev
+  getRefreshToken,
+  clearRefreshToken,
   addTokenListener,    // ✅ Export new functions
   removeTokenListener,
   getListenerCount,    // ✅ Debug function

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@spidy092/auth-client",
-  "version": "2.0.8",
+  "version": "2.1.1",
   "description": "Scalable frontend auth SDK for centralized login using Keycloak + Auth Service.",
   "main": "index.js",
   "module": "index.js",

package/token.js CHANGED Viewed

@@ -53,7 +53,7 @@ function readAccessToken() {
 //   }
 //   const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);
 //   try {
 //     document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Lax${secureAttribute()}; Expires=${expires.toUTCString()}`;
 //   } catch (err) {
@@ -66,14 +66,14 @@ function readAccessToken() {
 //     const match = document.cookie
 //       ?.split('; ')
 //       ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));
 //     if (match) {
 //       return decodeURIComponent(match.split('=')[1]);
 //     }
 //   } catch (err) {
 //     console.warn('Could not read refresh token:', err);
 //   }
 //   return null;
 // }
@@ -149,7 +149,7 @@ export function setRefreshToken(token) {
   // ✅ SECURITY: Refresh tokens should ONLY be in httpOnly cookies set by server
   // This function should NOT be used - refresh tokens must come from server cookies
   // Keeping for backwards compatibility but logging warning
   if (!token) {
     clearRefreshToken();
     return;
@@ -157,10 +157,10 @@ export function setRefreshToken(token) {
   console.warn('⚠️ SECURITY WARNING: setRefreshToken() called - refresh tokens should only be in httpOnly cookies!');
   console.warn('⚠️ Refresh tokens set client-side are insecure and should be removed');
   // ❌ DO NOT store refresh token in client-side storage
   // The server sets it in httpOnly cookie, which is the only secure way
   // Only clear any existing client-side storage
   try {
     sessionStorage.removeItem(REFRESH_COOKIE);
@@ -174,13 +174,13 @@ export function getRefreshToken() {
   // We cannot read httpOnly cookies from JavaScript - they're only sent with requests
   // This function is kept for backwards compatibility but returns null
   // The refresh endpoint will automatically use the httpOnly cookie via credentials: 'include'
   // ❌ DO NOT try to read refresh token from client-side storage
   // httpOnly cookies are not accessible via document.cookie
   console.warn('⚠️ getRefreshToken() called - refresh tokens are in httpOnly cookies and cannot be read from JavaScript');
   console.warn('⚠️ The refresh endpoint will automatically use the httpOnly cookie via credentials: "include"');
   return null; // Refresh token is in httpOnly cookie, not accessible to JavaScript
 }