Merge pull request #103 from kinde-oss/peter/remove-payload

fix: remove payload cookies
kinde-oss · Dec 8, 2023 · bd9a7e6 · bd9a7e6
2 parents 2008241 + 369578e
commit bd9a7e6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 9 deletions.
diff --git a/src/handlers/setup.js b/src/handlers/setup.js
@@ -1,3 +1,4 @@
+import jwtDecode from 'jwt-decode';
 import RouterClient from '../routerClients/RouterClient';
 
 /**
@@ -8,17 +9,17 @@ import RouterClient from '../routerClients/RouterClient';
 export const setup = async (routerClient) => {
   const user = await routerClient.sessionManager.getSessionItem('user');
   if (user) {
-    const accessToken = await routerClient.sessionManager.getSessionItem(
-      'access_token_payload'
+    const accessTokenEncoded = await routerClient.sessionManager.getSessionItem(
+      'access_token'
     );
 
-    const idToken = await routerClient.sessionManager.getSessionItem(
-      'id_token_payload'
+    const idTokenEncoded = await routerClient.sessionManager.getSessionItem(
+      'id_token'
     );
 
-    const accessTokenEncoded = await routerClient.sessionManager.getSessionItem(
-      'access_token'
-    );
+    const accessToken = jwtDecode(accessTokenEncoded);
+
+    const idToken = jwtDecode(idTokenEncoded);
 
     const permissions = await routerClient.kindeClient.getClaimValue(
       routerClient.sessionManager,

diff --git a/src/session/getAccessToken.js b/src/session/getAccessToken.js
@@ -1,3 +1,4 @@
+import jwtDecode from 'jwt-decode';
 import {sessionManager} from './sessionManager';
 
 /**
@@ -14,5 +15,7 @@ import {sessionManager} from './sessionManager';
  */
 // @ts-ignore
 export const getAccessTokenFactory = (req, res) => async () => {
-  return await sessionManager(req, res).getSessionItem('access_token_payload');
+  return jwtDecode(
+    await sessionManager(req, res).getSessionItem('access_token')
+  );
 };
diff --git a/src/session/getIdToken.js b/src/session/getIdToken.js
@@ -1,3 +1,4 @@
+import jwtDecode from 'jwt-decode';
 import {sessionManager} from './sessionManager';
 
 /**
@@ -14,5 +15,5 @@ import {sessionManager} from './sessionManager';
 
 // @ts-ignore
 export const getIdTokenFactory = (req, res) => async () => {
-  return await sessionManager(req, res).getSessionItem('id_token_payload');
+  return jwtDecode(await sessionManager(req, res).getSessionItem('id_token'));
 };