Add session and refresh token expiration utilities (#117)

descope · Apr 10, 2024 · 2e5c15c · 2e5c15c
1 parent 3aee822
commit 2e5c15c
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -349,6 +349,8 @@ You can also use the following helper methods on `DescopeAuthService` to assist
 - `isAuthenticated()` - Returns boolean whether user is authenticated
 - `refreshSession` - Force a refresh on current session token using an existing valid refresh token.
 - `refreshUser` - Force a refresh on current user using an existing valid refresh token.
+- `isSessionTokenExpired(token = getSessionToken())` - Check whether the current session token is expired. Provide a session token if is not persisted.
+- `isRefreshTokenExpired(token = getRefreshToken())` - Check whether the current refresh token is expired. Provide a refresh token if is not persisted.
 - `getJwtRoles(token = getSessionToken(), tenant = '')` - Get current roles from an existing session token. Provide tenant id for specific tenant roles.
 - `getJwtPermissions(token = getSessionToken(), tenant = '')` - Fet current permissions from an existing session token. Provide tenant id for specific tenant permissions.
 

diff --git a/projects/angular-sdk/src/lib/services/descope-auth.service.spec.ts b/projects/angular-sdk/src/lib/services/descope-auth.service.spec.ts
@@ -16,6 +16,7 @@ describe('DescopeAuthService', () => {
 	const onUserChangeSpy = jest.fn();
 	const getSessionTokenSpy = jest.fn();
 	const getRefreshTokenSpy = jest.fn();
+	const isJwtExpiredSpy = jest.fn();
 	const getJwtPermissionsSpy = jest.fn();
 	const getJwtRolesSpy = jest.fn();
 	const meSpy = jest.fn();
@@ -33,6 +34,7 @@ describe('DescopeAuthService', () => {
 			onUserChange: onUserChangeSpy,
 			getSessionToken: getSessionTokenSpy,
 			getRefreshToken: getRefreshTokenSpy,
+			isJwtExpired: isJwtExpiredSpy,
 			getJwtPermissions: getJwtPermissionsSpy,
 			getJwtRoles: getJwtRolesSpy,
 			me: meSpy,
@@ -54,6 +56,7 @@ describe('DescopeAuthService', () => {
 	afterEach(() => {
 		getSessionTokenSpy.mockReset();
 		getRefreshTokenSpy.mockReset();
+		isJwtExpiredSpy.mockReset();
 		getJwtPermissionsSpy.mockReset();
 		getJwtRolesSpy.mockReset();
 	});
@@ -111,6 +114,48 @@ describe('DescopeAuthService', () => {
 		});
 	});
 
+	describe('isSessionTokenExpired', () => {
+		it('should call isSessionTokenExpired from sdk', () => {
+			const token = 'abcd';
+			getSessionTokenSpy.mockReturnValueOnce(token);
+			service.isSessionTokenExpired();
+			expect(getSessionTokenSpy).toHaveBeenCalled();
+			expect(isJwtExpiredSpy).toHaveBeenCalledWith(token);
+		});
+
+		it('should warn when using isSessionTokenExpired in non browser environment', () => {
+			const warnSpy = jest.spyOn(console, 'warn');
+			windowSpy.mockImplementationOnce(() => undefined);
+
+			service.isSessionTokenExpired('some token');
+			expect(warnSpy).toHaveBeenCalledWith(
+				'isSessionTokenExpired is not supported in SSR'
+			);
+			expect(isJwtExpiredSpy).not.toHaveBeenCalled();
+		});
+	});
+
+	describe('isRefreshTokenExpired', () => {
+		it('should call isRefreshTokenExpired from sdk', () => {
+			const token = 'abcd';
+			getRefreshTokenSpy.mockReturnValueOnce(token);
+			service.isRefreshTokenExpired();
+			expect(getRefreshTokenSpy).toHaveBeenCalled();
+			expect(isJwtExpiredSpy).toHaveBeenCalledWith(token);
+		});
+
+		it('should warn when using isRefreshTokenExpired in non browser environment', () => {
+			const warnSpy = jest.spyOn(console, 'warn');
+			windowSpy.mockImplementationOnce(() => undefined);
+
+			service.isRefreshTokenExpired('some token');
+			expect(warnSpy).toHaveBeenCalledWith(
+				'isRefreshTokenExpired is not supported in SSR'
+			);
+			expect(isJwtExpiredSpy).not.toHaveBeenCalled();
+		});
+	});
+
 	describe('getJwtPermissions', () => {
 		it('should return permissions for token from sdk', () => {
 			const permissions = ['edit'];

diff --git a/projects/angular-sdk/src/lib/services/descope-auth.service.ts b/projects/angular-sdk/src/lib/services/descope-auth.service.ts
@@ -137,6 +137,26 @@ export class DescopeAuthService {
 		return '';
 	}
 
+	isSessionTokenExpired(token = this.getSessionToken()) {
+		if (isBrowser()) {
+			return this.descopeSdk.isJwtExpired(token ?? '');
+		}
+		console.warn('isSessionTokenExpired is not supported in SSR');
+		return true;
+	}
+
+	isRefreshTokenExpired(token = this.getRefreshToken()) {
+		if (isBrowser()) {
+			return (
+				this.descopeSdk as AngularDescopeSDK & {
+					isJwtExpired: (token: string) => boolean | null;
+				}
+			).isJwtExpired(token ?? '');
+		}
+		console.warn('isRefreshTokenExpired is not supported in SSR');
+		return true;
+	}
+
 	getJwtPermissions(token = this.getSessionToken(), tenant?: string) {
 		if (token === null) {
 			console.error('Could not get JWT Permissions - not authenticated');