fix: access token was using encoded refresh token instead of refresh …

…token id
autonomys · Nov 25, 2024 · e61a390 · e61a390
1 parent ed1a107
commit e61a390
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/backend/src/services/authManager/providers/custom.ts b/backend/src/services/authManager/providers/custom.ts
@@ -57,9 +57,16 @@ const createRefreshToken = async (user: OAuthUser) => {
   })
 }
 
+const getIdFromRefreshToken = (refreshToken: string) => {
+  const decoded = jwt.decode(refreshToken) as CustomRefreshTokenPayload
+  return decoded.id
+}
+
 const createSessionTokens = async (user: OAuthUser) => {
   const refreshToken = await createRefreshToken(user)
-  const accessToken = createAccessToken(user, refreshToken)
+  const refreshTokenId = getIdFromRefreshToken(refreshToken)
+
+  const accessToken = createAccessToken(user, refreshTokenId)
 
   return { accessToken, refreshToken }
 }
@@ -91,13 +98,13 @@ const getUserFromRefreshToken = async (
   }
 }
 
-const refreshAccessToken = async (refreshToken: string) => {
+const refreshAccessToken = async (refreshToken: string): Promise<string> => {
   const decoded = jwt.verify(
     refreshToken,
     JWT_SECRET,
   ) as CustomRefreshTokenPayload
   if (typeof decoded === 'string') {
-    return null
+    throw new Error('Invalid refresh token')
   }
 
   const user = await getUserFromRefreshToken(refreshToken)