cmd-johnson / deno-oauth2-client

Minimalistic OAuth 2.0 client for Deno.
MIT License

question: how to handle expired refresh token? #31

Closed iuioiua closed 1 year ago

iuioiua commented 1 year ago

When using oauth2Client.refreshToken.refresh(), how do I handle when the refresh token has expired? AFAIK an error is thrown, but I'm not sure which error. My thoughts are it'd be handled like this:

```ts
try {
  await oauth2Client.refreshToken.refresh(refreshToken);
} catch (error) {
  // isRefreshTokenExpired is a placeholder for the check being asked about
  if (isRefreshTokenExpired(error)) {
    return null;
  }
  throw error;
}
```

iuioiua commented 1 year ago

Gently pinging @cmd-johnson.

cmd-johnson commented 1 year ago

Hey there! Sorry for the late reply.

You're on the right track! When the refresh token is expired, the server should return an error response with the error field set to invalid_grant (as per RFC6749 section 5.2):

```ts
try {
  await oauth2Client.refreshToken.refresh(refreshToken);
} catch (error) {
  if (error instanceof OAuth2ResponseError && error.error === "invalid_grant") {
    // the refresh token is probably expired
    return null;
  }
  throw error;
}
```

iuioiua commented 1 year ago

Thanks for getting back to me! OAuth2ResponseError is a type-only export, so error instanceof OAuth2ResponseError doesn't work. Perhaps the class should be exported instead of just the type. Could we say the same of the other errors?

cmd-johnson commented 1 year ago

Huh, I totally missed that. Absolutely, those errors shouldn't just be exported as types.

That's an easy fix though! Check out https://deno.land/x/oauth2_client@v1.0.2/mod.ts :slightly_smiling_face:

iuioiua commented 1 year ago

Nice! Thank you. Implemented in https://github.com/denoland/deno_kv_oauth/pull/131
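
The `invalid_grant` check discussed in this thread, generalized to the other RFC 6749 section 5.2 error codes so that only a dead refresh token ends the session. This is an added example, not code from the thread or from oauth2_client; the names `RefreshOutcome`, `parseErrorCode` and `classifyRefreshFailure` and the retry-on-5xx policy are assumptions, and the sample bodies in the comments are constructed.

```typescript
// Added example; these names are illustrative and not part of oauth2_client.
type RefreshOutcome = "reauthenticate" | "retry" | "fatal";

// Error codes defined for token endpoint error responses in RFC 6749 section 5.2.
const RFC6749_ERRORS = new Set([
  "invalid_request", "invalid_client", "invalid_grant",
  "unauthorized_client", "unsupported_grant_type", "invalid_scope",
]);

/** Extracts a recognised `error` code from a token endpoint response body, or null. */
function parseErrorCode(body: string): string | null {
  try {
    const parsed: unknown = JSON.parse(body);
    if (typeof parsed === "object" && parsed !== null && "error" in parsed) {
      const code = (parsed as { error: unknown }).error;
      // Reject non-string or unknown codes instead of trusting the server blindly.
      return typeof code === "string" && RFC6749_ERRORS.has(code) ? code : null;
    }
  } catch {
    // Not JSON (for example an HTML error page from a proxy): no usable code.
  }
  return null;
}

/** Decides what to do after a failed refresh request (policy is an assumption). */
function classifyRefreshFailure(status: number, body: string): RefreshOutcome {
  const code = parseErrorCode(body);
  // invalid_grant: the refresh token is expired, revoked, or was issued to
  // another client. Discard the stored token and send the user through login.
  // Constructed sample body: {"error":"invalid_grant"}
  if (code === "invalid_grant") return "reauthenticate";
  // 5xx without a recognised code: the token may still be valid, so keep it.
  if (code === null && status >= 500) return "retry";
  // invalid_client, invalid_scope, malformed bodies and the rest point at a
  // configuration or programming error; surface them rather than logging out.
  return "fatal";
}
```

Mapping only `invalid_grant` to re-authentication keeps a misconfigured client secret or a gateway outage from silently wiping user sessions.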