Add token exchange #110
Add token exchange #110
Conversation
Add a new method `sdk.exchangeToken()` that reads the current access token, and uses that together with the configured client secret to exchange the auth token into another token for privileged transitions.
| */ | ||
| export default class AddClientSecretToParams { | ||
| enter({ clientSecret, params, ...ctx }) { | ||
| return { ...ctx, clientSecret, params: { ...params, client_secret: clientSecret } }; |
There was a problem hiding this comment.
If client secret is not set, this could throw an error saying that client secret is missing. I hit this couple of times in my tests yesterday and was wondering why things don't work. The downside then is that client secret is made mandatory, which it today is yes, but maybe not for all token exchanges in the future?
There was a problem hiding this comment.
I added the check.
If in the future we add token exchanges that don't require a client secret, I think we can make the check based on the params given to this interceptor.
There was a problem hiding this comment.
LGTM, but test carefully! It's quite easy to get these things wrong Imo. Retries and all are quite hard and complex to understand.
One comment/change request: I'd love to see some tests for this. Have a look at https://github.com/sharetribe/flex-sdk-js/blob/master/src/fake/auth.js . Testing against fake implementation of the server is a bit meh but it's still better than no tests imo.
|
I have tested locally against the production API that an expired access token will fetch a new access token with the refresh token, and retry the token exchange. I added a separate card for proper tests for this, so those will come later. |
Add a new method
sdk.exchangeToken()that reads the current accesstoken, and uses that together with the configured client secret to
exchange the auth token into another token for privileged transitions.