feat: add isAuthenticated and refreshToken functions

Author: DanielRivers

lib/utils/token/index.ts

@@ -10,6 +10,9 @@ import { getPermission, PermissionAccess } from "./getPermission";
 import { getPermissions, Permissions } from "./getPermissions";
 import { getUserOrganizations } from "./getUserOrganistaions";
 import { getRoles } from "./getRoles";
+import { isAuthenticated } from "./isAuthenticated";
+import { refreshToken } from "./refreshToken";
+
 const storage = {
   value: null as SessionManager | null,
 };
@@ -38,6 +41,8 @@ export {
   getPermissions,
   getUserOrganizations,
   getRoles,
+  isAuthenticated,
+  refreshToken,
 };
 
 export type { UserProfile, Permissions, PermissionAccess };

lib/utils/token/isAuthenticated.ts

@@ -0,0 +1,41 @@
+import { JWTDecoded } from "@kinde/jwt-decoder";
+import { getDecodedToken, refreshToken } from ".";
+
+export interface IsAuthenticatedPropsWithRefreshToken {
+  useRefreshToken?: true;
+  domain?: string;
+  clientId?: string;
+}
+
+export interface IsAuthenticatedPropsWithoutRefreshToken {
+  useRefreshToken?: false;
+  domain?: never;
+  clientId?: never;
+}
+
+type IsAuthenticatedProps =
+  | IsAuthenticatedPropsWithRefreshToken
+  | IsAuthenticatedPropsWithoutRefreshToken;
+
+/**
+ * check if the user is authenticated with option to refresh the token
+ * @returns { Promise<boolean> }
+ */
+export const isAuthenticated = async (
+  props?: IsAuthenticatedProps,
+): Promise<boolean> => {
+  try {
+    const token = await getDecodedToken<JWTDecoded>("accessToken");
+    if (!token) return false;
+
+    const isExpired = token.exp < Math.floor(Date.now() / 1000);
+
+    if (isExpired && props?.useRefreshToken) {
+      return refreshToken(props.domain, props.clientId);
+    }
+    return !isExpired;
+  } catch (error) {
+    console.error("Error checking authentication:", error);
+    return false;
+  }
+};

lib/utils/token/refreshToken.ts

@@ -0,0 +1,73 @@
+import { getActiveStorage } from ".";
+import { StorageKeys } from "../../sessionManager";
+import { sanatizeURL } from "../sanatizeUrl";
+
+/**
+ * refreshes the token
+ * @returns { Promise<boolean> }
+ */
+export const refreshToken = async (
+  domain?: string,
+  clientId?: string,
+): Promise<boolean> => {
+  try {
+    if (!domain) {
+      console.error("Domain is required for token refresh");
+      return false;
+    }
+
+    if (!clientId) {
+      console.error("Client ID is required for token refresh");
+      return false;
+    }
+
+    const storage = getActiveStorage();
+    const refreshTokenValue = await storage.getSessionItem(
+      StorageKeys.refreshToken,
+    );
+
+    if (!refreshTokenValue) {
+      console.error("No refresh token found");
+      return false;
+    }
+
+    const response = await fetch(`${sanatizeURL(domain)}/oauth2/token`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "multipart/form-data",
+        "Kinde-SDK": "js-utils",
+      },
+      body: JSON.stringify({
+        refresh_token: refreshTokenValue,
+        grant_type: "refresh_token",
+        client_id: clientId,
+      }),
+    });
+
+    if (!response.ok) {
+      console.error("Failed to refresh token");
+      return false;
+    }
+
+    const data = await response.json();
+
+    if (data.access_token) {
+      await storage.setSessionItem(StorageKeys.accessToken, data.access_token);
+      if (data.id_token) {
+        await storage.setSessionItem(StorageKeys.idToken, data.id_token);
+      }
+      if (data.refresh_token) {
+        await storage.setSessionItem(
+          StorageKeys.refreshToken,
+          data.refresh_token,
+        );
+      }
+      return true;
+    }
+
+    return false;
+  } catch (error) {
+    console.error("Error refreshing token:", error);
+    return false;
+  }
+};