feat: Add support for refreshing JWT tokens (#9013)

* feat: Add support for refreshing JWT tokens * feat: Add refresh method to the auth SDK
2024-09-06 12:58:57 +02:00
parent 3ba0ddcd43
commit 62e0c593c8
10 changed files with 136 additions and 50 deletions
--- a/integration-tests/helpers/create-admin-user.ts
+++ b/integration-tests/helpers/create-admin-user.ts
@@ -47,7 +47,10 @@ export const createAdminUser = async (
      actor_type: "user",
      auth_identity_id: authIdentity.id,
    },
-    "test"
+    "test",
+    {
+      expiresIn: "1d",
+    }
  )

  adminHeaders.headers["authorization"] = `Bearer ${token}`
--- a/integration-tests/http/tests/auth/admin/auth.spec.ts
+++ b/integration-tests/http/tests/auth/admin/auth.spec.ts
@@ -1,5 +1,6 @@
 import { generateResetPasswordTokenWorkflow } from "@medusajs/core-flows"
 import { medusaIntegrationTestRunner } from "medusa-test-utils"
+import jwt from "jsonwebtoken"
 import {
  adminHeaders,
  createAdminUser,
@@ -254,5 +255,28 @@ medusaIntegrationTestRunner({
        expect(response.response.data.message).toEqual("Invalid token")
      })
    })
+
+    it("should refresh the token successfully", async () => {
+      // Make sure issue date is later than the admin one
+      jest.useFakeTimers()
+      jest.advanceTimersByTime(2000)
+
+      const resp = await api.post("/auth/token/refresh", {}, adminHeaders)
+      const decodedOriginalToken = jwt.decode(
+        adminHeaders.headers["authorization"].split(" ")[1]
+      ) as any
+      const decodedRefreshedToken = jwt.decode(resp.data.token) as any
+
+      expect(decodedOriginalToken).toEqual(
+        expect.objectContaining({
+          actor_id: decodedRefreshedToken.actor_id,
+          actor_type: decodedRefreshedToken.actor_type,
+          auth_identity_id: decodedRefreshedToken.auth_identity_id,
+        })
+      )
+
+      expect(decodedOriginalToken.iat).toBeLessThan(decodedRefreshedToken.iat)
+      expect(decodedOriginalToken.exp).toBeLessThan(decodedRefreshedToken.exp)
+    })
  },
 })