DoctorMcKay / node-steam-session

Node.js module for authenticating with the Steam auth server. Allows for generating refresh tokens and web auth cookies for use with steam-user and other packages.
https://www.npmjs.com/package/steam-session
MIT License
108 stars 21 forks

Expose decoded tokens #33

Open Aareksio opened 10 months ago

Aareksio commented 10 months ago

Is your feature request related to a problem? Please describe.

As a steam-session consumer, I would like to know when to call renewRefreshToken() and refreshAccessToken().

Describe the solution you'd like

Expose decoded refreshToken and accessToken as properties or getters

Describe alternatives you've considered

Decode the JWT in the user application. This approach is likely to introduce overkill libraries to user code. Since steam-session is already capable of decoding tokens (and does so), exposing the data seems like a natural solution.

DoctorMcKay commented 10 months ago

I really don't think this belongs in steam-session's API. Purpose-built JWT decoders are more appropriate here.

Aareksio commented 10 months ago

You are right, decoding the whole token is outside of the scope.

However, knowing if the refresh token is expiring (shortly) seems plausible. Knowing the expiration time is required for prompt renewal. As the library already decodes the tokens, exposing the expiration time seems like a better solution than asking users to bring their own JWT decoder.

DoctorMcKay commented 10 months ago

I don't have any way of saying with 100% confidence that Valve is always going to use JWTs. I don't want to expose any API that operates off of assumptions. Yes, the module decodes and inspects JWT data internally, but that's mostly just to provide value-adds in the form of keeping people from passing the wrong kinds of tokens and getting confused when things don't work.
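
Added example, not part of the thread and not steam-session's own code: one way a consumer could read a token's expiry in application code without a JWT library, assuming the token is a JWT carrying a standard `exp` claim (the assumption the maintainer declines to build into the API). The function names, `marginMs` and the sample token are hypothetical and constructed; the claims are read without signature verification, so they are only a hint for scheduling renewal.

```javascript
// Reads the `exp` claim of a token WITHOUT verifying its signature.
// Use the result only to schedule renewal, never for authorization decisions.

// Returns the decoded payload object, or null if the token is not JWT-shaped.
function decodeJwtPayload(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null; // opaque or non-JWT token
  try {
    // base64url -> base64, then parse the JSON claims set
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return payload !== null && typeof payload === 'object' ? payload : null;
  } catch (err) {
    return null; // not valid JSON: treat as an opaque token
  }
}

// Returns the expiry in milliseconds since the epoch, or null when unknown.
function tokenExpiryMs(token) {
  const payload = decodeJwtPayload(token);
  if (!payload || !Number.isFinite(payload.exp)) return null;
  return payload.exp * 1000; // `exp` is a NumericDate in seconds (RFC 7519)
}

// Returns 'unknown' | 'expired' | 'renew' | 'ok'.
// marginMs is a hypothetical renewal window chosen by the application.
function renewalState(token, nowMs, marginMs) {
  const expMs = tokenExpiryMs(token);
  if (expMs === null) return 'unknown'; // fall back to the app's own policy
  if (expMs <= nowMs) return 'expired';
  return expMs - nowMs <= marginMs ? 'renew' : 'ok';
}

// Builds a constructed sample token with a fake signature, for the demo only.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ typ: 'JWT', alg: 'EdDSA' })}.${enc(claims)}.constructed-signature`;
}

const DAY_MS = 24 * 60 * 60 * 1000;
const sample = makeSampleToken({ sub: 'constructed-subject', exp: 2000000000 });
console.log(renewalState(sample, 2000000000000 - 3 * DAY_MS, 7 * DAY_MS));
console.log(renewalState('opaque-token', Date.now(), 7 * DAY_MS));
```

The `'unknown'` branch covers the case raised in the last comment: if the token stops being a JWT, the caller gets no expiry and has to renew on its own schedule.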