@stackframe/stack-shared 2.7.7 → 2.7.8

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @stackframe/stack-shared
 
+## 2.7.8
+
+### Patch Changes
+
+- Various changes
+- Updated dependencies
+  - @stackframe/stack-sc@2.7.8
+
 ## 2.7.7
 
 ### Patch Changes

package/dist/sessions.d.ts

@@ -73,9 +73,9 @@ export declare class InternalSession {
     /**
      * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.
      *
-     * The newly generated tokens are shortlived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
+     * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
      *
-     * In most cases, you should prefer `getOrFetchLikelyValidTokens` with a fallback to `markAccessTokenExpired` and a retry mechanism if the endpoint rejects the token.
+     * In most cases, you should prefer `getOrFetchLikelyValidTokens`.
      *
      * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).
      */
@@ -95,11 +95,7 @@ export declare class InternalSession {
      */
     private _getPotentiallyInvalidAccessTokenIfAvailable;
     /**
-     * @returns An access token (cached if possible), or null if the session either does not represent a user or the session is invalid.
-     */
-    private _getOrFetchPotentiallyInvalidAccessToken;
-    /**
-     * You should prefer `_getOrFetchAccessToken` in almost all cases.
+     * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.
      *
      * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.
      */

package/dist/sessions.js

@@ -10,7 +10,7 @@ export class AccessToken {
     }
     get expiresAt() {
         const { exp } = jose.decodeJwt(this.token);
-        if (!exp)
+        if (exp === undefined)
             return new Date(8640000000000000); // max date value
         return new Date(exp * 1000);
     }
@@ -107,9 +107,9 @@ export class InternalSession {
     /**
      * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.
      *
-     * The newly generated tokens are shortlived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
+     * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
      *
-     * In most cases, you should prefer `getOrFetchLikelyValidTokens` with a fallback to `markAccessTokenExpired` and a retry mechanism if the endpoint rejects the token.
+     * In most cases, you should prefer `getOrFetchLikelyValidTokens`.
      *
      * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).
      */
@@ -133,30 +133,17 @@ export class InternalSession {
      * @returns An access token, which may be expired or expire soon, or null if it is known to be invalid.
      */
     _getPotentiallyInvalidAccessTokenIfAvailable() {
-        const accessToken = this._accessToken.get();
-        if (accessToken && !accessToken.isExpired())
-            return accessToken;
-        return null;
-    }
-    /**
-     * @returns An access token (cached if possible), or null if the session either does not represent a user or the session is invalid.
-     */
-    async _getOrFetchPotentiallyInvalidAccessToken() {
         if (!this._refreshToken)
             return null;
         if (this.isKnownToBeInvalid())
             return null;
-        const oldAccessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();
-        if (oldAccessToken)
-            return oldAccessToken;
-        // refresh access token
-        if (!this._refreshPromise) {
-            this._refreshAndSetRefreshPromise(this._refreshToken);
-        }
-        return await this._refreshPromise;
+        const accessToken = this._accessToken.get();
+        if (accessToken && !accessToken.isExpired())
+            return accessToken;
+        return null;
     }
     /**
-     * You should prefer `_getOrFetchAccessToken` in almost all cases.
+     * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.
      *
      * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.
      */
@@ -165,7 +152,9 @@ export class InternalSession {
             return null;
         if (this._knownToBeInvalid.get())
             return null;
-        this._refreshAndSetRefreshPromise(this._refreshToken);
+        if (!this._refreshPromise) {
+            this._refreshAndSetRefreshPromise(this._refreshToken);
+        }
         return await this._refreshPromise;
     }
     _refreshAndSetRefreshPromise(refreshToken) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.7.7",
+  "version": "2.7.8",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -51,7 +51,7 @@
     "oauth4webapi": "^2.10.3",
     "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.7.7"
+    "@stackframe/stack-sc": "2.7.8"
   },
   "devDependencies": {
     "@sentry/nextjs": "^8.40.0",