@spidy092/auth-client 2.1.6 → 2.1.8

Files changed (3) hide show
  1. package/api.js +1 -1
  2. package/core.js +24 -12
  3. package/package.json +1 -1
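--- a/package/api.js
+++ b/package/api.js
@@ -12,7 +12,7 @@ api.interceptors.request.use((config) => {
  const runtimeConfig = getConfig();
 
  if (!config.baseURL) {
-
+
  config.baseURL = runtimeConfig?.authBaseUrl || 'http://auth.local.test:4000/auth';
  }
 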
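--- a/package/core.js
+++ b/package/core.js
@@ -116,7 +116,7 @@ async function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {
 
  try {
  const response = await fetch(`${authBaseUrl}/logout/${clientKey}`, {
- method: 'GET',
+ method: 'POST',
  credentials: 'include',
  headers: {
  'Authorization': token ? `Bearer ${token}` : '',
@@ -133,21 +133,18 @@ async function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {
  clearRefreshToken();
  clearToken();
 
- await new Promise(resolve => setTimeout(resolve, 5000));
-
- if (data.success && data.keycloakLogoutUrl) {
- window.location.href = data.keycloakLogoutUrl;
- return;
- }
+ // Skip Keycloak confirmation page - redirect directly to login
+ // Backend has already revoked the session/tokens
+ console.log('🔄 Redirecting to login (skipping Keycloak confirmation)');
+ window.location.href = '/login';
 
  } catch (error) {
  console.warn('⚠️ Logout failed:', error);
  clearRefreshToken();
  clearToken();
+ // Still redirect to login even on error
+ window.location.href = '/login';
  }
-
- await new Promise(resolve => setTimeout(resolve, 5000));
- window.location.href = '/login';
  }
 
  function clientLogout(clientKey, accountUiUrl) {
@@ -414,8 +411,23 @@ export function startProactiveRefresh() {
  startProactiveRefresh();
  } catch (err) {
  console.error('❌ Proactive refresh failed:', err);
- // Try again in 30 seconds if refresh fails
- proactiveRefreshTimer = setTimeout(() => startProactiveRefresh(), 30000);
+
+ // Check if this is a permanent failure (token revoked, invalid, etc.)
+ const errorMessage = err.message?.toLowerCase() || '';
+ const isPermanentFailure =
+ errorMessage.includes('401') ||
+ errorMessage.includes('revoked') ||
+ errorMessage.includes('invalid') ||
+ errorMessage.includes('expired') ||
+ errorMessage.includes('unauthorized');
+
+ if (isPermanentFailure) {
+ console.log('🚨 Token permanently invalid, triggering session expiry');
+ notifySessionInvalid('refresh_token_revoked');
+ } else {
+ // Temporary failure (network issue), try again in 30 seconds
+ proactiveRefreshTimer = setTimeout(() => startProactiveRefresh(), 30000);
+ }
  }
  }, refreshIn);
 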
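Review bot: In the `catch` branch of routerLogout the new `window.location.href = '/login';` runs after a logout request that failed, so the comment "Backend has already revoked the session/tokens" does not hold on that path: only the local tokens are cleared, and the Keycloak session may still be active. Since the success path no longer follows `data.keycloakLogoutUrl`, nothing in the visible lines ends the identity-provider session when the POST fails, and the login page could then sign the user back in without a prompt. I would keep the provider logout as the fallback for the error path, or at least surface the failure to the user, and scope the comment to the success branch, e.g. `// Backend revoked the session on success; on failure the SSO session may still be live`. Whether `response.ok` is checked before the tokens are cleared is decided in lines 123-132, which lie between the two routerLogout hunks and are not shown.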
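--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@spidy092/auth-client",
- "version": "2.1.6",
+ "version": "2.1.8",
  "description": "Scalable frontend auth SDK for centralized login using Keycloak + Auth Service.",
  "main": "index.js",
  "module": "index.js",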