From a7838a98c02a37a6ac151ee65ace000e2f9a66e5 Mon Sep 17 00:00:00 2001
From: Peter Phanouvong
Date: Fri, 8 Dec 2023 11:53:50 +1000
Subject: [PATCH] fix: remove payload cookies
---
 src/handlers/setup.js | 15 ++++++++-------
 src/session/getAccessToken.js | 5 ++++-
 src/session/getIdToken.js | 3 ++-
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/handlers/setup.js b/src/handlers/setup.js
index 79f431d..f24b1b1 100644
--- a/src/handlers/setup.js
+++ b/src/handlers/setup.js
@@ -1,3 +1,4 @@
+import jwtDecode from 'jwt-decode';
 import RouterClient from '../routerClients/RouterClient';
 /**
@@ -8,17 +9,17 @@ import RouterClient from '../routerClients/RouterClient';
 export const setup = async (routerClient) => {
 const user = await routerClient.sessionManager.getSessionItem('user');
 if (user) {
- const accessToken = await routerClient.sessionManager.getSessionItem(
- 'access_token_payload'
+ const accessTokenEncoded = await routerClient.sessionManager.getSessionItem(
+ 'access_token'
 );
- const idToken = await routerClient.sessionManager.getSessionItem(
- 'id_token_payload'
+ const idTokenEncoded = await routerClient.sessionManager.getSessionItem(
+ 'id_token'
 );
- const accessTokenEncoded = await routerClient.sessionManager.getSessionItem(
- 'access_token'
- );
+ const accessToken = jwtDecode(accessTokenEncoded);
+
+ const idToken = jwtDecode(idTokenEncoded);
 const permissions = await routerClient.kindeClient.getClaimValue(
 routerClient.sessionManager,
diff --git a/src/session/getAccessToken.js b/src/session/getAccessToken.js
index f8edc1b..aeeda26 100644
--- a/src/session/getAccessToken.js
+++ b/src/session/getAccessToken.js
@@ -1,3 +1,4 @@
+import jwtDecode from 'jwt-decode';
 import {sessionManager} from './sessionManager';
 /**
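Review bot: In src/handlers/setup.js, `jwtDecode(accessTokenEncoded)` and `jwtDecode(idTokenEncoded)` throw when the session item is missing or is not a well-formed JWT, and the only guard visible is `if (user)`, which does not guarantee that `access_token` and `id_token` are also present. The removed code passed through whatever `getSessionItem` returned, so a partial or stale session that presumably yielded an empty value before now raises inside the handler. A guard such as `const accessToken = accessTokenEncoded ? jwtDecode(accessTokenEncoded) : null;` (and the same for `idToken`) keeps the earlier behaviour; the same applies to the `jwtDecode(...)` calls in src/session/getAccessToken.js and src/session/getIdToken.js. The rest of `setup` lies outside the hunk, so how it handles a null token should be checked there.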
@@ -14,5 +15,7 @@ import {sessionManager} from './sessionManager';
 */
 // @ts-ignore
 export const getAccessTokenFactory = (req, res) => async () => {
- return await sessionManager(req, res).getSessionItem('access_token_payload');
+ return jwtDecode(
+ await sessionManager(req, res).getSessionItem('access_token')
+ );
 };
diff --git a/src/session/getIdToken.js b/src/session/getIdToken.js
index 77a907f..1b3d686 100644
--- a/src/session/getIdToken.js
+++ b/src/session/getIdToken.js
@@ -1,3 +1,4 @@
+import jwtDecode from 'jwt-decode';
 import {sessionManager} from './sessionManager';
 /**
@@ -14,5 +15,5 @@ import {sessionManager} from './sessionManager';
 // @ts-ignore
 export const getIdTokenFactory = (req, res) => async () => {
- return await sessionManager(req, res).getSessionItem('id_token_payload');
+ return jwtDecode(await sessionManager(req, res).getSessionItem('id_token'));
 };
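Review bot: The payload returned by `getAccessTokenFactory` in src/session/getAccessToken.js is decoded but not verified, because `jwtDecode` only base64-decodes the claims and performs no signature, issuer, audience or expiry check. If the session store is cookie-backed, as the commit title suggests, the result is only as trustworthy as whatever validation happens when the token is stored or read, and that is not visible in this diff. The JSDoc above the factory (outside the hunk) should say so, for example `Returns the decoded, unverified access token payload; validate the token before relying on its claims for authorization.` The same applies to `getIdTokenFactory` in src/session/getIdToken.js.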