Force refresh tokens if external app (#4461)

2025-04-24 13:27:22 +00:00 · 2020-01-13 05:47:08 -08:00 · 2020-01-13 05:47:08 -08:00 · 40ac456937
commit 40ac456937
parent 5c32413bf7
2 changed files with 23 additions and 14 deletions
--- a/src/entrypoints/core.ts
+++ b/src/entrypoints/core.ts
@ -55,8 +55,12 @@ const connProm = async (auth) => {
      throw err;
    }
    // We can get invalid auth if auth tokens were stored that are no longer valid
-    // Clear stored tokens.
-    if (!isExternal) {
+    if (isExternal) {
+      // Tell the external app to force refresh the access tokens.
+      // This should trigger their unauthorized handling.
+      await auth.refreshAccessToken(true);
+    } else {
+      // Clear stored tokens.
      saveTokens(null);
    }
    auth = await authProm();
--- a/src/external_app/external_auth.ts
+++ b/src/external_app/external_auth.ts
@ -11,6 +11,10 @@ interface BasePayload {
  callback: string;
 }

+interface GetExternalAuthPayload extends BasePayload {
+  force?: boolean;
+}
+
 interface RefreshTokenResponse {
  access_token: string;
  expires_in: number;
@ -26,7 +30,7 @@ declare global {
    webkit?: {
      messageHandlers: {
        getExternalAuth: {
-          postMessage(payload: BasePayload);
+          postMessage(payload: GetExternalAuthPayload);
        };
        revokeExternalAuth: {
          postMessage(payload: BasePayload);
@ -60,8 +64,13 @@ class ExternalAuth extends Auth {
    });
  }

-  public async refreshAccessToken() {
-    const callbackPayload = { callback: CALLBACK_SET_TOKEN };
+  public async refreshAccessToken(force?: boolean) {
+    const payload: GetExternalAuthPayload = {
+      callback: CALLBACK_SET_TOKEN,
+    };
+    if (force) {
+      payload.force = true;
+    }

    const callbackPromise = new Promise<RefreshTokenResponse>(
      (resolve, reject) => {
@ -73,11 +82,9 @@ class ExternalAuth extends Auth {
    await 0;

    if (window.externalApp) {
-      window.externalApp.getExternalAuth(JSON.stringify(callbackPayload));
+      window.externalApp.getExternalAuth(JSON.stringify(payload));
    } else {
-      window.webkit!.messageHandlers.getExternalAuth.postMessage(
-        callbackPayload
-      );
+      window.webkit!.messageHandlers.getExternalAuth.postMessage(payload);
    }

    const tokens = await callbackPromise;
@ -87,7 +94,7 @@ class ExternalAuth extends Auth {
  }

  public async revoke() {
-    const callbackPayload = { callback: CALLBACK_REVOKE_TOKEN };
+    const payload: BasePayload = { callback: CALLBACK_REVOKE_TOKEN };

    const callbackPromise = new Promise((resolve, reject) => {
      window[CALLBACK_REVOKE_TOKEN] = (success, data) =>
@ -97,11 +104,9 @@ class ExternalAuth extends Auth {
    await 0;

    if (window.externalApp) {
-      window.externalApp.revokeExternalAuth(JSON.stringify(callbackPayload));
+      window.externalApp.revokeExternalAuth(JSON.stringify(payload));
    } else {
-      window.webkit!.messageHandlers.revokeExternalAuth.postMessage(
-        callbackPayload
-      );
+      window.webkit!.messageHandlers.revokeExternalAuth.postMessage(payload);
    }

    await callbackPromise;