Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
apollo-link-oauth-token-refresh
Advanced tools
Readme
An Apollo Link that performs OAuth access token renewal when the token is expired
npm install apollo-link-oauth-token-refresh --save
Token Refresh Link is non-terminating
link, which means that this link shouldn't be the last link in the composed chain.
import { TokenRefreshLink } from "apollo-link-oauth-token-refresh";
const link = new TokenRefreshLink({
isTokenValidOrUndefined: () => boolean,
fetchAccessToken: () => Promise<Response>,
handleResponse: (operation) => response,
handleError?: (err: Error) => void,
});
Token Refresh Link takes an object with four options on it to customize the behavior of the link
name | value | explanation |
---|---|---|
accessTokenField? | string | Default: access_token . This is a name of access token field in response. In some scenarios we want to pass additional payload with access token, i.e. new refresh token, so this field could be the object's name |
isTokenValidOrUndefined | (...args: any[]) => boolean | Indicates the current state of access token expiration. If the token is not yet expired or the user does not require a token (guest), then true should be returned |
fetchAccessToken | (...args: any[]) => Promise<Response> | Function covers fetch call with request fresh access token |
handleResponse | (operation) => response => any | Used to handle the response status & extract your token |
handleError? | (err: Error) => void | Token fetch error callback. Allows to run additional actions like logout. Don't forget to handle Error if you are using this option |
import { TokenRefreshLink } from 'apollo-link-oauth-token-refresh';
link: ApolloLink.from([
new TokenRefreshLink({
isTokenValidOrUndefined: () => !isTokenExpired() || typeof getAccessToken() !== 'string',
fetchAccessToken: () => {
return fetch(getEndpoint('getAccessTokenPath'), {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: `grant_type=refresh_token&client_id=${getOauthClientId()}&client_secret=${getOauthClientSecret()}&refresh_token=${getRefreshToken()}`
});
},
handleResponse: () => (response) => {
// here you can handle response & save the token
if (response.status === 401) {
console.warn('token has been revoked');
user.logout();
} else {
return response.json().then(data => saveToken(data));
}
},
handleError: err => {
// full control over handling token fetch Error
console.warn('Your refresh token is invalid. Try to relogin');
console.error(err);
// your custom action here
user.logout();
}
}),
errorLink,
requestLink,
...
])
The Token Refresh Link does not use the context for anything
FAQs
Apollo Link that performs OAuth access tokens renewal
The npm package apollo-link-oauth-token-refresh receives a total of 72 weekly downloads. As such, apollo-link-oauth-token-refresh popularity was classified as not popular.
We found that apollo-link-oauth-token-refresh demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.