attlaz-client 1.73.0 → 1.73.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Http/Transport/OAuthClient.js +22 -2
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { JsonSerializable } from '../../Model/JsonSerializable.js';
|
|
2
2
|
import { VERSION } from '../../version.js';
|
|
3
3
|
import { ClientError } from '../ClientError.js';
|
|
4
|
+
import { HttpStatus } from '../HttpStatus.js';
|
|
4
5
|
import { HttpClient } from '../HttpClient.js';
|
|
5
6
|
import { HttpClientRequest } from '../HttpClientRequest.js';
|
|
6
7
|
import { OAuthClientToken } from '../OAuthClientToken.js';
|
|
@@ -76,6 +77,18 @@ export class OAuthClient {
|
|
|
76
77
|
this.oauthClientToken = this.tokenToOauthClientToken(rawAuthToken);
|
|
77
78
|
}
|
|
78
79
|
catch (e) {
|
|
80
|
+
if (e instanceof ClientError) {
|
|
81
|
+
// A refresh grant rejected by the server (4xx — the refresh token is
|
|
82
|
+
// expired/revoked/invalid_grant) means the session is irrecoverable and
|
|
83
|
+
// the user must re-authenticate. Surface it as 401 Unauthorized so
|
|
84
|
+
// consumers sign out and redirect to login instead of showing a generic
|
|
85
|
+
// error. Transient failures (network / 5xx) are rethrown unchanged so a
|
|
86
|
+
// hiccup doesn't force a logout.
|
|
87
|
+
if (e.httpStatus !== null && e.httpStatus >= 400 && e.httpStatus < 500) {
|
|
88
|
+
throw new ClientError('Refresh token rejected, re-authentication required', HttpStatus.HTTP_UNAUTHORIZED);
|
|
89
|
+
}
|
|
90
|
+
throw e;
|
|
91
|
+
}
|
|
79
92
|
throw ClientError.fromError(e);
|
|
80
93
|
}
|
|
81
94
|
}
|
|
@@ -116,8 +129,15 @@ export class OAuthClient {
|
|
|
116
129
|
if (signWithOauthToken && OAuthClientToken.isExpired(this.oauthClientToken)) {
|
|
117
130
|
if (this.refreshTokenPromise === null) {
|
|
118
131
|
this.refreshTokenPromise = this.refreshToken();
|
|
119
|
-
|
|
120
|
-
|
|
132
|
+
try {
|
|
133
|
+
await this.refreshTokenPromise;
|
|
134
|
+
}
|
|
135
|
+
finally {
|
|
136
|
+
// Always clear, even on failure, so a single failed refresh
|
|
137
|
+
// doesn't poison every later request with the same rejected
|
|
138
|
+
// promise (e.g. after the user re-authenticates).
|
|
139
|
+
this.refreshTokenPromise = null;
|
|
140
|
+
}
|
|
121
141
|
}
|
|
122
142
|
else {
|
|
123
143
|
await this.refreshTokenPromise;
|
package/dist/version.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export declare const VERSION = "1.
|
|
1
|
+
export declare const VERSION = "1.73.1";
|
package/dist/version.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export const VERSION = "1.
|
|
1
|
+
export const VERSION = "1.73.1";
|