fix(header): Removed refresh token logic (#134)

Author: fragsalat

src/ws-header/authorization.js

@@ -6,18 +6,14 @@ export class Authorization {
   /**
    * @param {AbstractStorage} storage Key value storage
    * @param {string} loginUrl Url the user get's redirected to authorize
-   * @param {string} refreshUrl Url the app will send a POST to request a new access token
    * @param {string} clientId OAuth2 client id
    * @param {string} businessPartnerId OAuth2 business partner id
    */
-  constructor(storage, loginUrl = '', refreshUrl = '', clientId = '', businessPartnerId = '') {
+  constructor(storage, loginUrl = '', clientId = '', businessPartnerId = '') {
     this.storage = storage;
     this.loginUrl = loginUrl;
-    this.refreshUrl = refreshUrl;
     this.clientId = clientId;
     this.businessPartnerId = businessPartnerId;
-    // Check if the access token will expire soon and we can refresh it
-    this.checkExpiration();
   }
 
   /**
@@ -40,26 +36,6 @@ export class Authorization {
     }
   }
 
-  /**
-   * Refresh access token if it is expired and a refresh token is available
-   * @returns {void}
-   * @private
-   */
-  checkExpiration() {
-    const expiresAt = this.storage.get('expires_at') || 0;
-    const refreshToken = this.storage.get('refresh_token');
-    if (!refreshToken) {
-      return;
-    }
-    // Check if expiration date is one minute before expiration
-    if (new Date().getTime() > expiresAt - 60000) {
-      this.refresh(refreshToken);
-    }
-    // Check every 59 seconds if the token expires.
-    // Use 59 seconds to prevent exact overlapping of check and expiration
-    setTimeout(() => this.checkExpiration(), 59000);
-  }
-
   /**
    * Tries to parse the access token from the given query string
    * @param {string} queryString Query string without leading ?
@@ -89,14 +65,13 @@ export class Authorization {
 
   /**
    * Update the tokens and notify the header
-   * @param {Object} params Response parameters containing access and refresh token
+   * @param {Object} params Response parameters containing access token
    * @returns {void}
    * @private
    */
   updateTokens(params) {
     const expires = params.expires_in ? parseInt(params.expires_in, 10) : 3600;
     this.storage.set('access_token', params.access_token);
-    this.storage.set('refresh_token', params.refresh_token);
     this.storage.set('expires_at', new Date().getTime() + expires * 1000);
     // Put data into authorized stream
     this.changeAccessToken(params.access_token);
@@ -117,47 +92,12 @@ export class Authorization {
     location.href = `${this.loginUrl}?${query}`;
   }
 
-  /**
-   * Request a new access token
-   * @param {string} token Refresh token
-   * @returns {void}
-   */
-  refresh(token) {
-    // Abort if we have not enough information to refresh the token
-    if (!this.refreshUrl || !token) {
-      return;
-    }
-    const data = this.buildQuery([
-      ['business_partner_id', this.businessPartnerId],
-      ['client_id', this.clientId],
-      ['grant_type', 'refresh_token'],
-      ['refresh_token', token],
-      ['state', this.createAndRememberUUID()],
-      ['response_type', 'token']
-    ]);
-
-    const xhr = new XMLHttpRequest();
-    xhr.open('POST', this.refreshUrl, true);
-    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
-    xhr.addEventListener('load', () => {
-      if (xhr.readyState === XMLHttpRequest.DONE) {
-        if (xhr.status === 200) {
-          this.updateTokens(JSON.parse(xhr.responseText));
-        } else {
-          throw new Error(`Could not refresh token: ${xhr.responseText}`);
-        }
-      }
-    });
-    xhr.send(data);
-  }
-
   /**
    * Remove authorization
    * @returns {void}
    */
   unauthorize() {
     this.storage.remove('access_key');
-    this.storage.remove('refresh_key');
     this.storage.remove('expires_at');
     this.changeAccessToken(null);
   }

src/ws-header/ws-header.js

@@ -10,8 +10,6 @@ import {WSDropdown} from '../ws-dropdown/ws-dropdown';
  * Optionally call WSHeader.setStorageType('cookie', 'zalando') If you want a to use cookies instead of localStorage
  * to persist the tokens. You can call WSHeader.getAccessToken().then(token => ...) to get the current access token.
  * It will resolve null when no access token is present and therefore the user isn't logged in.
- * If you configured the header with a refreshUrl you should subscribe the ws-auth-changed event. It will be emitted
- * when the access token was refreshed and it will have the access token in the event details.
  */
 export class WSHeader extends Component {
 
@@ -23,7 +21,6 @@ export class WSHeader extends Component {
 
   static defaultProps = {
     loginUrl: 'https://identity.zalando.com/oauth2/authorize',
-    refreshUrl: null,
     businessPartnerId: '810d1d00-4312-43e5-bd31-d8373fdd24c7',
     clientId: null,
     links: [],
@@ -35,7 +32,6 @@ export class WSHeader extends Component {
 
   static propTypes = {
     loginUrl: PropTypes.string,
-    refreshUrl: PropTypes.string,
     businessPartnerId: PropTypes.string,
     clientId: PropTypes.string,
     links: PropTypes.array,
@@ -146,7 +142,6 @@ export class WSHeader extends Component {
     this.authorization = new Authorization(
       WSHeader.storage,
       props.loginUrl,
-      props.refreshUrl,
       props.clientId,
       props.businessPartnerId
     );

tests/ws-header/ws-header.spec.js

@@ -6,7 +6,6 @@ import {LocalStorage} from '../../src/ws-header/storage/local-storage';
 
 function clearStorage() {
   WSHeader.storage.remove('access_token');
-  WSHeader.storage.remove('refresh_token');
   WSHeader.storage.remove('expires_at');
 }
 
@@ -52,14 +51,12 @@ describe('A WSHeader', () => {
     WSHeader.storage.set('locale', 'de');
     const header = new WSHeader({
       loginUrl: '1111',
-      refreshUrl: 222,
       businessPartnerId: '333',
       clientId: 444
     });
 
     expect(header.authorization).toBeTruthy();
     expect(header.authorization.loginUrl).toBe('1111');
-    expect(header.authorization.refreshUrl).toBe(222);
     expect(header.authorization.businessPartnerId).toBe('333');
     expect(header.authorization.clientId).toBe(444);
     expect(header.state.locale).toBe('de');