From c80d59d77522c3888f5634bfb07b881db080ceef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=91=A8=E9=9B=85=E9=A3=8E?= Date: Wed, 6 Mar 2024 17:48:18 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20:fire:=20=E4=BF=AE=E5=A4=8D=20miniapp?= =?UTF-8?q?=20code=20=E8=BF=87=E6=9C=9F=E9=97=AE=E9=A2=98=20=E4=BB=A5?= =?UTF-8?q?=E5=8F=8A=E6=94=AF=E6=8C=81=20web=20sdk=20refresh=5Ftoken?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/miniapp/src/Authing.ts | 15 ++++++---- packages/web/src/Authing.ts | 53 +++++++++++++++++++++++++++++++-- packages/web/src/global.ts | 10 ++++++- 3 files changed, 69 insertions(+), 9 deletions(-) diff --git a/packages/miniapp/src/Authing.ts b/packages/miniapp/src/Authing.ts index 7621e3b6..ee41c8c8 100644 --- a/packages/miniapp/src/Authing.ts +++ b/packages/miniapp/src/Authing.ts @@ -160,12 +160,15 @@ export class Authing { } try { - await AuthingMove.checkSession() - const code = await this.getCachedWxLoginCode() - if (!code) { - await next() - } - } catch (e) { + /** checkSession 并不能对 login 的 code 有效性进行 check + * eg: Authing 实例化后会调用 login 返回 code 此时不进行操作 大概十分钟后调用接口 如 loginByCode 微信端返回 code 失效 + */ + // await AuthingMove.checkSession() + // const code = await this.getCachedWxLoginCode() + // if (!code) { + // await next() + // } + // } catch (e) { this.storage.remove(getWxLoginCodeKey(this.options.appId)) await next() } finally { diff --git a/packages/web/src/Authing.ts b/packages/web/src/Authing.ts index 6da7dac7..2f6a44d3 100644 --- a/packages/web/src/Authing.ts +++ b/packages/web/src/Authing.ts @@ -407,10 +407,10 @@ export class Authing { '获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage' ) } - // implicit flow const idToken = paramDict.id_token const accessToken = paramDict.access_token + const refreshToken = paramDict.refresh_token const nonce = tx?.nonce if ( @@ -423,6 +423,7 @@ export class Authing { const result = await this.saveLoginState({ idToken, accessToken, + refreshToken, nonce }) 
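Review bot: In the `packages/miniapp/src/Authing.ts` hunk all nine added lines are comments, so the old `checkSession` path stays behind as commented-out code, including `// } catch (e) {`. Delete those lines and keep one short explanation, for example `// checkSession() does not validate the login code, so always drop the cached code and request a new one`. With the `catch` gone the block is a plain `try`/`finally`, so any rejection from `this.storage.remove(...)` or `await next()` now reaches the caller directly; confirm that callers expect this. The enclosing method starts and ends outside the hunk.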
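Review bot: In the `packages/web/src/Authing.ts` hunk at `@@ -407,10 +407,10 @@`, `paramDict.refresh_token` is read in the branch marked `// implicit flow`, where the tokens presumably come from the callback URL parameters. The OAuth 2.0 implicit grant does not issue refresh tokens (RFC 6749 section 4.2.2), and a long-lived credential taken from the URL is exposed to browser history and referrers before it is persisted. Consider dropping `const refreshToken = paramDict.refresh_token` here and the `refreshToken,` argument in the `@@ -423,6 +423,7 @@` hunk, so that a refresh token is only ever accepted from a token endpoint response. The enclosing method starts and ends outside these hunks.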
@@ -431,6 +432,7 @@ export class Authing { } return { ...result, customState } + } /** @@ -677,6 +679,49 @@ export class Authing { ) return } + /** + * + * 使用内部维护的 refresh_token 刷新 access_token、id_token + * + */ + async refreshToken(): Promise { + const state = await this.loginStateProvider.get( + loginStateKey(this.options.appId) + ) + if (!state?.refreshToken) { + throw new Error( + '获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能' + ) + } + if (state && state.expireAt && state.expireAt > Date.now()) { + const data = { + grant_type: 'refresh_token', + redirect_uri: '', + refresh_token: state.refreshToken + } + + const { data: tokenRes } = (await axiosPost( + `${this.domain}/oidc/token`, + createQueryParams(data), + { + headers: { + 'Content-Type': 'application/x-www-form-urlencoded', + 'x-authing-app-id': this.options.appId + } + } + )) as { data: OIDCTokenResponse } + + // 清掉旧的登录态 + await this.loginStateProvider.delete(loginStateKey(this.options.appId)) + + return this.saveLoginState({ + idToken: tokenRes.id_token, + accessToken: tokenRes.access_token, + refreshToken: tokenRes.refresh_token + }) + } + return null + } private async listenToPostMessage(state: string) { return new Promise((resolve, reject) => { @@ -720,12 +765,14 @@ export class Authing { private async saveLoginState(params: { accessToken?: string idToken?: string + refreshToken?: string nonce?: string }) { - const { accessToken, idToken } = params + const { accessToken, idToken, refreshToken } = params const loginState: LoginState = { accessToken: accessToken, idToken: idToken, + refreshToken: refreshToken, timestamp: Date.now() } @@ -779,6 +826,7 @@ export class Authing { return this.saveLoginState({ idToken: tokenRes.id_token, accessToken: tokenRes.access_token, + refreshToken: tokenRes.refresh_token, nonce }) } @@ -804,6 +852,7 @@ export class Authing { return this.saveLoginState({ accessToken: res.accessToken, idToken: res.idToken, + refreshToken: res.refreshToken, nonce }) } 
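Review bot: In the new `refreshToken()` method (hunk `@@ -677,6 +679,49 @@`) the old login state is deleted before the token response is checked, and `tokenRes.refresh_token` is stored as-is. If `axiosPost` resolves with an error body, or the server does not rotate the refresh token, the saved state ends up with undefined tokens or no refresh token, and the next call throws. Check `tokenRes.access_token` before the delete and fall back to the current refresh token, as in the excerpt below. Separately, the `state.expireAt > Date.now()` guard makes the method return `null` once the access token has expired, which is usually when a refresh is needed; if that is intended it deserves a comment.

```typescript
      // … unchanged: axiosPost to `${this.domain}/oidc/token` …

      // Do not discard the current session unless the grant actually succeeded.
      if (!tokenRes?.access_token) {
        throw new Error('refresh_token grant did not return an access_token')
      }

      // … unchanged: delete the old login state …

      return this.saveLoginState({
        idToken: tokenRes.id_token,
        accessToken: tokenRes.access_token,
        // The server may not rotate the refresh token; keep the current one then.
        refreshToken: tokenRes.refresh_token ?? state.refreshToken
      })
```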
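Review bot: In `saveLoginState` (hunk `@@ -720,12 +765,14 @@`) `refreshToken` is now written into `loginState` next to the access and ID tokens, so it inherits whatever storage `loginStateProvider` uses; that code is outside the hunk. If the provider is backed by `localStorage` or `sessionStorage`, any script running in the origin can read a credential that outlives the access token. Add a doc comment on the field stating where the refresh token is stored, or keep it in memory only. The same applies to the two later hunks that pass `tokenRes.refresh_token` and `res.refreshToken` into this method.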
diff --git a/packages/web/src/global.ts b/packages/web/src/global.ts index 2f1fd797..f475a574 100644 --- a/packages/web/src/global.ts +++ b/packages/web/src/global.ts @@ -103,6 +103,7 @@ export interface AuthingSPAInitOptions { export interface LoginState { accessToken?: string idToken?: string + refreshToken?:string parsedIdToken?: IDToken parsedAccessToken?: AccessToken expireAt?: number @@ -247,4 +248,11 @@ export interface NormalError { apiCode: number message: string statusCode: number -} \ No newline at end of file +} + + +declare global { + interface Window{ + crossOriginIsolated?:boolean + } +}
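Review bot: The `declare global { interface Window { crossOriginIsolated?: boolean } }` block at the end of `global.ts` is unrelated to the refresh_token change and has no comment saying which code needs it. Recent TypeScript DOM libs already declare `crossOriginIsolated` on the window scope as a readonly, non-optional boolean, so this augmentation may fail with a modifier-mismatch error depending on the compiler version; worth verifying against the project's `tsconfig`. If it is only there for an older DOM lib, add a comment such as `// older lib.dom.d.ts lacks Window.crossOriginIsolated`, and consider moving it to its own commit.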