feat: remove use of jwt-decode in provider (#22)

src/AuthProvider/index.tsx

@@ -11,11 +11,10 @@ import handleError from '../helpers/handleError.js'
 import isBrowser from '../helpers/isBrowser.js'
 import matchOneOfPatterns from '../helpers/matchOneOfPatterns.js'
 import useIsMounted from '../hooks/useIsMounted.js'
-import jwtClient from '../libs/jwtClient.js'
 import Context from './Context.js'
 
 import type ApiResponse from '../libs/ApiResponse'
-import type { AccessTokenPayload, User } from '../types'
+import type { AccessTokenPayload, RefreshTokenPayload, User } from '../types'
 import type {
   AuthContext,
   AuthLogInError,
@@ -54,7 +53,7 @@ const AuthProvider: FunctionComponent<AuthProviderProps> = ({ children, Loader,
           throw new Error('logIn() must be called within a browser environment.')
         }
 
-        const { data: tokenPair } = await ky
+        const { data: tokenPairWithPayload } = await ky
           .post('/api/auth/login', {
             json: {
               email,
@@ -64,22 +63,19 @@ const AuthProvider: FunctionComponent<AuthProviderProps> = ({ children, Loader,
           .json<
             ApiResponse<{
               accessToken: string
+              accessTokenPayload: AccessTokenPayload
               refreshToken: string
+              refreshTokenPayload: RefreshTokenPayload
             }>
           >()
 
-        const accessTokenPayload = jwtClient.parse<AccessTokenPayload>(tokenPair.accessToken)
-        if (accessTokenPayload === undefined) {
-          throw new Error('`accessToken` is unparseable. This should never happen.')
-        }
-
-        window.localStorage.setItem('NEXAUTH_REFRESH_TOKEN', tokenPair.refreshToken)
-        $accessTokenExpirationTimestamp.current = accessTokenPayload.exp
+        window.localStorage.setItem('NEXAUTH_REFRESH_TOKEN', tokenPairWithPayload.refreshToken)
+        $accessTokenExpirationTimestamp.current = tokenPairWithPayload.accessTokenPayload.exp
 
         if (isMounted()) {
-          setUser(accessTokenPayload.data)
+          setUser(tokenPairWithPayload.accessTokenPayload.data)
           setState({
-            accessToken: tokenPair.accessToken,
+            accessToken: tokenPairWithPayload.accessToken,
             isAuthenticated: true,
             isLoading: false,
           })
@@ -170,32 +166,34 @@ const AuthProvider: FunctionComponent<AuthProviderProps> = ({ children, Loader,
           return null
         }
 
-        const { data: tokenPair } = await ky
+        const { data: tokenPairWithPayload } = await ky
           .post('/api/auth/refresh', {
             json: {
               refreshToken,
             },
           })
-          .json<ApiResponse>()
-
-        const accessTokenPayload = jwtClient.parse<AccessTokenPayload>(tokenPair.accessToken)
-        if (accessTokenPayload === undefined) {
-          throw new Error('`accessToken` is unparseable. This should never happen.')
-        }
+          .json<
+            ApiResponse<{
+              accessToken: string
+              accessTokenPayload: AccessTokenPayload
+              refreshToken: string
+              refreshTokenPayload: RefreshTokenPayload
+            }>
+          >()
 
-        window.localStorage.setItem('NEXAUTH_REFRESH_TOKEN', tokenPair.refreshToken)
-        $accessTokenExpirationTimestamp.current = accessTokenPayload.exp
+        window.localStorage.setItem('NEXAUTH_REFRESH_TOKEN', tokenPairWithPayload.refreshToken)
+        $accessTokenExpirationTimestamp.current = tokenPairWithPayload.accessTokenPayload.exp
 
         if (isMounted()) {
-          setUser(accessTokenPayload.data)
+          setUser(tokenPairWithPayload.accessTokenPayload.data)
           setState({
-            accessToken: tokenPair.accessToken,
+            accessToken: tokenPairWithPayload.accessToken,
             isAuthenticated: true,
             isLoading: false,
           })
         }
 
-        return tokenPair.accessToken
+        return tokenPairWithPayload.accessToken
       } catch (err) {
         if (err instanceof HTTPError) {
           window.localStorage.removeItem('NEXAUTH_REFRESH_TOKEN')

src/actions/logIn.ts

@@ -10,7 +10,14 @@ import ApiError from '../libs/ApiError.js'
 import ApiResponse from '../libs/ApiResponse.js'
 import jwt from '../libs/jwt.js'
 
-import type { Adapter, NexauthConfig, NexauthOptions, RefreshTokenPayload, UserWithPassword } from '../types'
+import type {
+  AccessTokenPayload,
+  Adapter,
+  NexauthConfig,
+  NexauthOptions,
+  RefreshTokenPayload,
+  UserWithPassword,
+} from '../types'
 import type { NextApiRequest, NextApiResponse } from 'next'
 
 const { CI } = process.env
@@ -81,6 +88,7 @@ export default async function logIn<U extends UserWithPassword = UserWithPasswor
 
     const accessTokenPayloadUser = pick(accessTokenPublicUserProps)(user)
     const accessTokenValue = await jwt.sign(userId, ACCESS_TOKEN_EXPIRATION_IN_SECONDS, accessTokenPayloadUser)
+    const accessTokenPayload = await jwt.verify<AccessTokenPayload>(accessTokenValue)
 
     const refreshTokenValue = await jwt.sign(userId, REFRESH_TOKEN_EXPIRATION_IN_SECONDS)
     const refreshTokenPayload = await jwt.verify<RefreshTokenPayload>(refreshTokenValue)
@@ -102,7 +110,9 @@ export default async function logIn<U extends UserWithPassword = UserWithPasswor
     res.status(200).json(
       new ApiResponse({
         accessToken: accessTokenValue,
+        accessTokenPayload,
         refreshToken: refreshTokenValue,
+        refreshTokenPayload,
       }),
     )
   } catch (err) {

src/actions/refresh.ts

@@ -9,7 +9,14 @@ import ApiError from '../libs/ApiError.js'
 import ApiResponse from '../libs/ApiResponse.js'
 import jwt from '../libs/jwt.js'
 
-import type { Adapter, NexauthConfig, NexauthOptions, RefreshTokenPayload, UserWithPassword } from '../types'
+import type {
+  AccessTokenPayload,
+  Adapter,
+  NexauthConfig,
+  NexauthOptions,
+  RefreshTokenPayload,
+  UserWithPassword,
+} from '../types'
 import type { NextApiRequest, NextApiResponse } from 'next'
 
 const { CI } = process.env
@@ -88,19 +95,20 @@ export default async function refresh<U extends UserWithPassword = UserWithPassw
 
     const newAccessTokenPayloadUser = pick(accessTokenPublicUserProps)(user)
     const newAccessTokenValue = await jwt.sign(userId, ACCESS_TOKEN_EXPIRATION_IN_SECONDS, newAccessTokenPayloadUser)
+    const newAccessTokenPayload = await jwt.verify<AccessTokenPayload>(newAccessTokenValue)
     const newRefreshTokenValue = await jwt.sign(userId, REFRESH_TOKEN_EXPIRATION_IN_SECONDS)
-    const newRefreshTokenData = await jwt.verify<RefreshTokenPayload>(newRefreshTokenValue)
-    if (newRefreshTokenData === undefined) {
+    const newRefreshTokenPayload = await jwt.verify<RefreshTokenPayload>(newRefreshTokenValue)
+    if (newRefreshTokenPayload === undefined) {
       throw new Error('`newRefreshTokenValue` is unverifiable. This should never happen.')
     }
 
-    const expiredAt = new Date(newRefreshTokenData.exp * 1000)
+    const expiredAt = new Date(newRefreshTokenPayload.exp * 1000)
     const familyId = cuid()
 
     await adapter.refreshToken.create({
       expiredAt,
       familyId,
-      id: newRefreshTokenData.jti,
+      id: newRefreshTokenPayload.jti,
       ip,
       userId,
       value: newRefreshTokenValue,
@@ -109,7 +117,9 @@ export default async function refresh<U extends UserWithPassword = UserWithPassw
     res.status(200).json(
       new ApiResponse({
         accessToken: newAccessTokenValue,
+        accessTokenPayload: newAccessTokenPayload,
         refreshToken: newRefreshTokenValue,
+        refreshTokenPayload: newRefreshTokenPayload,
       }),
     )
   } catch (err) {

src/index.ts

@@ -4,7 +4,6 @@ import { NexauthError } from './constants.js'
 import useAuth from './hooks/useAuth.js'
 import getUser from './libs/getUser.js'
 import jwt from './libs/jwt.js'
-import jwtClient from './libs/jwtClient.js'
 import Nexauth from './Nexauth.js'
 
-export { AuthProvider, getUser, jwt, jwtClient, Nexauth, NexauthError, PrismaAdapter, useAuth }
+export { AuthProvider, getUser, jwt, Nexauth, NexauthError, PrismaAdapter, useAuth }