Closed AlbertHambardzumyan closed 4 years ago
I will take a look at it and provide more details.
createToken()
does provide createdAt in the response :
{
"token_type": "bearer",
"access_token": "eyJlbmMiOiJxxxxxxxxxxxxxxx628fsF.hcuBUVyq6aTGZKvxZ27sVw",
"expires_in": 3600,
"refresh_token": "AB1158973896xxxxxxxxxxxxxxxxxxxxxxxbwv1uUVgevE6sUo",
"x_refresh_token_expires_in": 8726400,
"realmId": "4620xxxxxxxxxxx867780",
"id_token": "",
"createdAt": 1581012560611
}
Yes, if you are setting a previosuly created token using the SDK, you would need to pass that. But if all your tokens are handled by the SDK, you need not worry. The SDK will use it.
In other words, if you are setting a token that is created using this SDK then you are good. If not, the createdAt
would give rise to a false-positive results. This is mentioned in the Note section here
@abisalehalliprasan
Unfortunately, I'm not getting createdAt
in the response.
const authResponse = await oauthClient.createToken(request.url)
console.log('Token', authResponse.getJson())
Output
{
x_refresh_token_expires_in: 8726400,
access_token: 'eyJlbmMiOiJBMTI4xxxxxxxxMjU2IiwiYWxnIjoiZGlyIn0..N0kptu',
token_type: 'bearer',
refresh_token: 'AB11589739716xxxxxxxxx51OBUAHRhTywDsSsQpwscqu',
expires_in: 3600
}
@abisalehalliprasan
The rest will be okey if I get the createdAt
.
Im storing entire Token object in the storage on login. Later, getting this token and checking with isAccessTokenValid()
before trying to get some resource.
If isAccessTokenValid()
gives correct result, then I can make a decision about refreshing it or using as it is if its not expired.
Please refer to retrieve the tokens under documentation here
Just replace console.log('The Token is '+ JSON.stringify(authResponse.getJson()));
with
console.log('The Token is '+ JSON.stringify(oauthClient.token.getToken()));
@abisalehalliprasan
Works with oauthClient.token.getToken()
. However that looks weird that response of createToken()
does not produce the same output. In both cases the output is Token, but some diff exist.
Note, getting createdAt via oauthClient. createToken()
brings additional problem:
I have to create a new oauthClient
each time I want to create a token
On the other hand, the oauthClient
might be reused if we could use createToken()
response instead of oauthClient.token.getToken()
As long as you are using the same app credentials, you can use the oauthClient
as a global variable.
In order to switch between multiple users in parallel you could : set the token
@abisalehalliprasan
Im using the same app credentials. However, I might have wrong result with global oauthClient
Consider the following case where I'm doing multipole createToken()
a) User 1 - createToken()
- output 1
b) User 2 - createToken()
- output 2
c) User 3 - createToken()
- output 3
d) User 4 - createToken()
- output 4
There is a chance that the output of the first call might be overridden by the any of b), c) or d)
before I read it via oauthClient.token.getToken()
@AlbertHambardzumyan Welcome any suggestions or PR if it helps solve this issue.
@abisalehalliprasan
I see a solution in the response of
const authResponse = await oauthClient.createToken(request.url)
If authResponse
comes directly from api response and not from oauthClient.setToken()
+ oauthClient.getToken()
, then this might be resolved by simple providing all the fields of Token object in authResponse
.
In other words, the output of oauthClient.token.getToken()
should be identical with the output of await oauthClient.createToken(request.url)
Any idea why there is a diff between this two ?
@abisalehalliprasan
Looks like the api response is returned in createToken()
const authResponse = res.json ? res : null;
const json = (authResponse && authResponse.getJson()) || res;
this.token.setToken(json);
this.log('info', 'Create Token response is : ', JSON.stringify(authResponse, null, 2));
return authResponse
This means we can have global oauthClient and use the response of await oauthClient.createToken(request.url)
instead of oauthClient.token.getToken()
, if we get createdAt
in the first one.
@abisalehalliprasan
The tokenData passed to setToken() does not have createdAt
. You can see by logging tokenData
.
This means oauthClient.token.getToken()
gives createdAt
which is not coming from server, but set in SDK in setToken()
.
Thats a reason why await oauthClient.createToken(request.url)
is not equal to oauthClient.token.getToken()
NOTE, server sends createdAt
property in res.token
instead of res.json
which used to return.
See https://github.com/intuit/oauth-jsclient/blob/master/src/OAuthClient.js#L159
@AlbertHambardzumyan : Do you think that would solve the Global variable issue addressed in the thread here ?
I might need to test it before releasing a new version of the library.
@abisalehalliprasan yes.
const token = await oauthClient.createToken(request.url)
This resolved global variable issue. Needs only to have the all the fields of res.token
instead of res.json
.
Please send a PR if you have the changes handy.
Feb 2021. same here, isTokenValid() always gave false positive result.
Steps to reproduce:
After closer look, seems that isTokenValid() basically -only- check the createdAt value, without validating the tokens itself.
@abisalehalliprasan : Any plan in the future to have it improved ?
The isAccessTokenValid() function always returns true if token has
expires_in
greater then 60.Tried to dig deeper and found that internal
_checkExpiry()
function makes use ofcreatedAt
property. The internalsetToken()
function setsnow
if its missing in provided tokenthis.createdAt = tokenData.createdAt || Date.now()
Note, createToken() does not provide
createdAt
in the response, so SDK user cannot provide that in token.In other words, if
createdAt
is missing in provided token, then system setsDate.now()
and uses that in expiry computation (plus 60 sec latency)., thus gives false positive result.