diff --git a/packages/openauth/src/client.ts b/packages/openauth/src/client.ts index b4228702..5dd39dbd 100644 --- a/packages/openauth/src/client.ts +++ b/packages/openauth/src/client.ts @@ -109,6 +109,27 @@ export function createClient(input: { refresh: json.refresh_token as string, } }, + async refresh(token: string) { + const tokens = await f(issuer + "/token", { + method: "POST", + headers: { + "Content-Type": "application/x-www-form-urlencoded", + }, + body: new URLSearchParams({ + grant_type: "refresh_token", + refresh_token: token, + }).toString(), + }) + const json = (await tokens.json()) as any + if (!tokens.ok) { + console.error(json) + throw new InvalidRefreshTokenError() + } + return { + access: json.access_token as string, + refresh: json.refresh_token as string, + } + }, async verify( subjects: T, token: string, @@ -151,30 +172,17 @@ export function createClient(input: { } } catch (e) { if (e instanceof errors.JWTExpired && options?.refresh) { - const wk = await getIssuer() - const tokens = await f(wk.token_endpoint, { - method: "POST", - headers: { - "Content-Type": "application/x-www-form-urlencoded", - }, - body: new URLSearchParams({ - grant_type: "refresh_token", - refresh_token: options.refresh, - }).toString(), - }) - const json = (await tokens.json()) as any - if (!tokens.ok) { - console.error(json) - throw new InvalidRefreshTokenError() - } - const verified = await result.verify(subjects, json.access_token, { - refresh: json.refresh_token, + const tokens = await this.refresh(options.refresh) + + const verified = await result.verify(subjects, tokens.access, { + refresh: tokens.refresh, issuer, fetch: options?.fetch, }) + verified.tokens = { - access: json.access_token, - refresh: json.refresh_token, + access: tokens.access, + refresh: tokens.refresh, } return verified }