[SDK-1386] Fall back to iframe method if no refresh token is available #364

Merged
merged 4 commits into from
Mar 3, 2020
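--- a/__tests__/index.test.ts
+++ b/__tests__/index.test.ts
@@ -1442,26 +1442,6 @@ describe('Auth0', () => {
 }
 });
 });
-
-it('fails with an error when no refresh token is available in the cache', async () => {
-const { auth0, cache, utils } = await setup({
-useRefreshTokens: true
-});
-
-utils.getUniqueScopes.mockReturnValue(
-`${TEST_SCOPES} offline_access`
-);
-
-cache.get.mockReturnValue({ access_token: TEST_ACCESS_TOKEN });
-
-await auth0.getTokenSilently({ ignoreCache: true }).catch(e => {
-expect(e.error).toBe('missing_refresh_token');
-expect(e.error_description).toBe(
-'No refresh token is available to fetch a new access token. The user should be reauthenticated.'
-);
-expect(utils.oauthToken).not.toHaveBeenCalled();
-});
-});
 });
 });
 
@@ -1736,6 +1716,23 @@ describe('Auth0', () => {
 );
 });
 });
+
+describe('when refresh tokens are used', () => {
+it('falls back to using a hidden iframe when no refresh token is available', async () => {
+const { auth0, cache, utils } = await setup({
+useRefreshTokens: true
+});
+
+utils.getUniqueScopes.mockReturnValue(`${TEST_SCOPES} offline_access`);
+
+cache.get.mockReturnValue({ access_token: TEST_ACCESS_TOKEN });
+
+const result = await auth0.getTokenSilently({ ignoreCache: true });
+
+expect(result).toEqual(TEST_ACCESS_TOKEN);
+expect(utils.runIframe).toHaveBeenCalled();
+});
+});
 });
 
 describe('getTokenWithPopup()', async () => {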
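Review bot: The new fallback test only covers a cache entry that exists but has no `refresh_token`; the other half of the guard in `src/Auth0Client.ts` (`!cache`, i.e. nothing cached at all) is not exercised. A second case with `cache.get.mockReturnValue(undefined);` and the same `expect(utils.runIframe).toHaveBeenCalled();` would pin both branches. The test also does not assert which grant was used, so it would still pass if a refresh-token exchange were attempted before the iframe ran; an assertion on how `utils.oauthToken` was called would close that gap, assuming the mock is reachable as it was in the removed test.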
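--- a/cypress/integration/getTokenSilently.js
+++ b/cypress/integration/getTokenSilently.js
@@ -1,11 +1,4 @@
-import { decode } from 'qss';
-import {
-shouldBe,
-shouldNotBe,
-shouldBeUndefined,
-shouldNotBeUndefined,
-whenReady
-} from '../support/utils';
+import { shouldBe, whenReady } from '../support/utils';
 
 describe('getTokenSilently', function() {
 beforeEach(cy.resetTests);
@@ -76,7 +69,11 @@ describe('getTokenSilently', function() {
 });
 
 describe('when using refresh tokens', () => {
-it('displays an error when trying to get an access token when the RT is missing', () => {
+/**
+* This test will fail with a 'consent_required' error when running on localhost, but the fact that it does
+* proves that the iframe method was attempted even though we're supposed to be using refresh tokens.
+*/
+it.only('attempts to retrieve an access token by falling back to the iframe method', () => {
 return whenReady().then(win => {
 cy.toggleSwitch('local-storage');
 cy.toggleSwitch('use-cache');
@@ -87,12 +84,11 @@ describe('getTokenSilently', function() {
 
 cy.get('[data-cy=get-token]')
 .click()
-.wait(500);
+.wait(500)
+.get('[data-cy=access-token]')
+.should('have.length', 1);
 
-cy.get('[data-cy=error]').should(
-'contain',
-'No refresh token is available to fetch a new access token'
-);
+cy.get('[data-cy=error]').should('contain', 'consent_required');
 });
 });
 });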
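Review bot: `it.only(` on the new test makes the runner skip every other test in this spec file, so the remaining getTokenSilently integration cases silently stop running; it looks like a debugging leftover and should be `it('attempts to retrieve an access token by falling back to the iframe method', () => {`. The doc comment says the test "will fail" with `consent_required` on localhost, yet the body asserts that error as the expected outcome, so the comment should say the error is the expected result outside a real tenant. Because the only signal checked is an error string, the test cannot tell a working fallback from an iframe that fails for another reason containing the same text. The fixed `.wait(500)` is also a timing guess and could make the test flaky.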
15 changes: 6 additions & 9 deletions src/Auth0Client.ts
Expand Up @@ -439,7 +439,7 @@ export default class Auth0Client {
* @param options
*/
public async getTokenSilently(options: GetTokenSilentlyOptions = {}) {
const { ignoreCache, ...refreshTokenOptions } = {
const { ignoreCache, ...getTokenOptions } = {
audience: this.options.audience,
scope: getUniqueScopes(
this.DEFAULT_SCOPE,
Expand All @@ -453,8 +453,8 @@ export default class Auth0Client {
try {
if (!ignoreCache) {
const cache = this.cache.get({
scope: refreshTokenOptions.scope,
audience: refreshTokenOptions.audience || 'default',
scope: getTokenOptions.scope,
audience: getTokenOptions.audience || 'default',
client_id: this.options.client_id
});

Expand All @@ -466,8 +466,8 @@ export default class Auth0Client {
await lock.acquireLock(GET_TOKEN_SILENTLY_LOCK_KEY, 5000);

const authResult = this.options.useRefreshTokens
? await this._getTokenUsingRefreshToken(refreshTokenOptions)
: await this._getTokenFromIFrame(refreshTokenOptions);
? await this._getTokenUsingRefreshToken(getTokenOptions)
: await this._getTokenFromIFrame(getTokenOptions);

this.cache.save({ client_id: this.options.client_id, ...authResult });

Expand Down Expand Up @@ -625,10 +625,7 @@ export default class Auth0Client {
});

if (!cache || !cache.refresh_token) {
throw new GenericError(
'missing_refresh_token',
'No refresh token is available to fetch a new access token. The user should be reauthenticated.'
);
return await this._getTokenFromIFrame(options);
Contributor Author

This is the crux of the fix. Instead of throwing an error if there's no refresh token in the cache, we fall back to the legacy iframe method of getting a new access token.

}

const redirect_uri =
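Review bot: The fallback at `return await this._getTokenFromIFrame(options);` is unconditional and silent, so an application that set `useRefreshTokens: true` can still end up in the hidden-iframe flow, and callers no longer receive `missing_refresh_token` as a signal to reauthenticate the user. Iframe failures such as the `consent_required` seen in the Cypress test surface instead, which changes what downstream error handling has to match. The `options` passed through were built for the refresh-token path (the unit test shows the scope containing `offline_access`), so it is worth confirming the iframe request is meant to carry that scope. I would record the behaviour where it happens, e.g. `// No cached refresh token: fall back to the hidden-iframe flow; callers see iframe errors instead of missing_refresh_token.`, and mention it in the `getTokenSilently` doc comment. The enclosing method starts and ends outside this hunk.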