
Commit ad2f6d6

committed
feat: migrate to use js-utils and refresh token support
1 parent 24be712 commit ad2f6d6


4 files changed

+61
-5
lines changed


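--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,60 @@
 # Changelog
 
 
+## 0.7.1...fix/refresh_insecure_token_storage
+
+[compare changes](https://github.com/kinde-oss/js-utils/compare/0.7.1...fix/refresh_insecure_token_storage)
+
+### 🩹 Fixes
+
+- Insecure token storage when using no non custom domain ([7338321](https://github.com/kinde-oss/js-utils/commit/7338321))
+- Only show production warning when explicity setting the 'useInsecureForRefreshToken' ([958f4ed](https://github.com/kinde-oss/js-utils/commit/958f4ed))
+- Non prod kinde domains ([24be712](https://github.com/kinde-oss/js-utils/commit/24be712))
+
+### ✅ Tests
+
+- Add tests ([979974d](https://github.com/kinde-oss/js-utils/commit/979974d))
+
+### ❤️ Contributors
+
+- Daniel Rivers ([@DanielRivers](http://github.com/DanielRivers))
+
+## 0.7.1...fix/refresh_insecure_token_storage
+
+[compare changes](https://github.com/kinde-oss/js-utils/compare/0.7.1...fix/refresh_insecure_token_storage)
+
+### 🩹 Fixes
+
+- Insecure token storage when using no non custom domain ([7338321](https://github.com/kinde-oss/js-utils/commit/7338321))
+- Only show production warning when explicity setting the 'useInsecureForRefreshToken' ([958f4ed](https://github.com/kinde-oss/js-utils/commit/958f4ed))
+- Non prod kinde domains ([24be712](https://github.com/kinde-oss/js-utils/commit/24be712))
+
+### ✅ Tests
+
+- Add tests ([979974d](https://github.com/kinde-oss/js-utils/commit/979974d))
+
+### ❤️ Contributors
+
+- Daniel Rivers ([@DanielRivers](http://github.com/DanielRivers))
+
+## 0.7.1...fix/refresh_insecure_token_storage
+
+[compare changes](https://github.com/kinde-oss/js-utils/compare/0.7.1...fix/refresh_insecure_token_storage)
+
+### 🩹 Fixes
+
+- Insecure token storage when using no non custom domain ([7338321](https://github.com/kinde-oss/js-utils/commit/7338321))
+- Only show production warning when explicity setting the 'useInsecureForRefreshToken' ([958f4ed](https://github.com/kinde-oss/js-utils/commit/958f4ed))
+- Non prod kinde domains ([24be712](https://github.com/kinde-oss/js-utils/commit/24be712))
+
+### ✅ Tests
+
+- Add tests ([979974d](https://github.com/kinde-oss/js-utils/commit/979974d))
+
+### ❤️ Contributors
+
+- Daniel Rivers ([@DanielRivers](http://github.com/DanielRivers))
+
 ## 0.7.0...main
 
 [compare changes](https://github.com/kinde-oss/js-utils/compare/0.7.0...main)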

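--- a/lib/utils/exchangeAuthCode.ts
+++ b/lib/utils/exchangeAuthCode.ts
@@ -97,7 +97,7 @@ export const exchangeAuthCode = async ({
 headers["Kinde-SDK"] =
 `${frameworkSettings.framework}/${frameworkSettings.frameworkVersion}`;
 }
-const response = await fetch(`${domain}/oauth2/token`, {
+const fetchOptions: RequestInit = {
 method: "POST",
 ...(isCustomDomain(domain) && { credentials: "include" }),
 headers: new Headers(headers),
@@ -108,7 +108,9 @@ export const exchangeAuthCode = async ({
 grant_type: "authorization_code",
 redirect_uri: redirectURL,
 }),
-});
+};
+console.log("fetchOptions", fetchOptions);
+const response = await fetch(`${domain}/oauth2/token`, fetchOptions);
 if (!response?.ok) {
 const errorText = await response.text();
 console.error("Token exchange failed:", response.status, errorText);
@@ -135,7 +137,7 @@ export const exchangeAuthCode = async ({
 });
 }
 
-if (storageSettings.useInsecureForRefreshToken) {
+if (storageSettings.useInsecureForRefreshToken || !isCustomDomain(domain)) {
 activeStorage.setSessionItem(StorageKeys.refreshToken, data.refresh_token);
 }
 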
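Review bot: The added `console.log("fetchOptions", fetchOptions);` in the second hunk writes the full token-request options to the console on every code exchange; the object holds the request headers and the POST body, of which `grant_type` and `redirect_uri` are visible here and which presumably also carries the authorization code and verifier built in the lines outside the hunk. This looks like leftover debug output and should be deleted before release, or at most reduced to a non-sensitive line such as `console.debug("token exchange request", { method: fetchOptions.method });`. Separately, the third hunk now writes `data.refresh_token` to `activeStorage` for every non-custom domain even when `useInsecureForRefreshToken` is unset, so it deserves a comment stating that this fallback is intentional and that the token becomes readable by page script in that configuration (assuming `activeStorage` is script-accessible storage, which is not visible here). The body of `exchangeAuthCode` starts and ends outside these hunks.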
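--- a/lib/utils/isCustomDomain.test.ts
+++ b/lib/utils/isCustomDomain.test.ts
@@ -15,7 +15,7 @@ describe("isCustomDomain", () => {
 expect(result).toEqual(false);
 });
 it("works on no prod kinde domains", () => {
-const result = isCustomDomain("https://stakesocial-dave.au.kinde.com");
+const result = isCustomDomain("https://test-test.au.kinde.com");
 expect(result).toEqual(false);
 });
 });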

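--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
 "publishConfig": {
 "access": "public"
 },
-"version": "0.7.1",
+"version": "0.7.2-5",
 "scripts": {
 "dev": "vite",
 "build": "tsc && vite build",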
