Skip to content

Support refresh tokens #2141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bradjones1 opened this issue Jan 28, 2022 · 4 comments
Closed

Support refresh tokens #2141

bradjones1 opened this issue Jan 28, 2022 · 4 comments

Comments

@bradjones1
Copy link

Is your feature request related to a problem? Please describe.

Refresh tokens were introduced in MSC2918 but do not appear to be supported in the JS SDK.

Describe the solution you'd like

Support for refresh tokens and automatic refresh based on known expiration or auth failure using expired token.

Describe alternatives you've considered

This is a spec support feature so I do not believe there is an alternative.

Additional context

In more traditional OAuth world, it's possible to use a middleware (such as https://github.com/badgateway/fetch-mw-oauth2) for HTTP transport, but I don't think that would be an option here.
@bradjones1
Copy link
Author

I'm not generally a TypeScript developer so my JS skills are... lacking but it looks as though this could be supported in a way by creating a middleware-d fetch type function that is then set as the request function, per:

matrix-js-sdk/src/matrix.ts

Lines 59 to 92 in 1643201

// expose the underlying request object so different environments can use
// different request libs (e.g. request or browser-request)
let requestInstance;
/**
* The function used to perform HTTP requests. Only use this if you want to
* use a different HTTP library, e.g. Angular's <code>$http</code>. This should
* be set prior to calling {@link createClient}.
* @param {requestFunction} r The request function to use.
*/
export function request(r) {
requestInstance = r;
}
/**
* Return the currently-set request function.
* @return {requestFunction} The current request function.
*/
export function getRequest() {
return requestInstance;
}
/**
* Apply wrapping code around the request function. The wrapper function is
* installed as the new request handler, and when invoked it is passed the
* previous value, along with the options and callback arguments.
* @param {requestWrapperFunction} wrapper The wrapping function.
*/
export function wrapRequest(wrapper) {
const origRequest = requestInstance;
requestInstance = function(options, callback) {
return wrapper(origRequest, options, callback);
};
}

I think it would be nice to have first-class support for refresh tokens in the SDK itself, but it seems as though telling the SDK to not bother with access tokens, and then handling them in the request function, could be an approach. (Or at least prove a POC.)

@bradjones1
Copy link
Author

Related to #801 - request is deprecated and there is discussion to change HTTP libs, which would help enable things like middleware-d fetch or swapping in axios.

@bradjones1
Copy link
Author

Rewriting the SDK's request implementation for fetch is a greater lift/risk than I think I can handle on my own right now, but I am going to try to do something similar to the refactoring this project did to move from the request request/promise/rejection model with a shim that has a similar function signature.

@bradjones1 bradjones1 mentioned this issue Feb 8, 2022
Closed
@bradjones1
Copy link
Author

Functions added in #2178
React client got it in matrix-org/matrix-react-sdk#7802 but then this was reverted in matrix-org/matrix-react-sdk#7821

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bradjones1