-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
5187 jwt refresh token Feature #5589
Conversation
17542ee
to
3786cb7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@madaky Thank you so much for adding the refresh feature 👍
I left a comment regarding the interceptors in #5589 (comment)
extensions/authentication-jwt/src/__tests__/fixtures/controllers/user.controller.ts
Show resolved
Hide resolved
extensions/authentication-jwt/src/__tests__/fixtures/controllers/user.controller.ts
Show resolved
Hide resolved
extensions/authentication-jwt/src/__tests__/fixtures/controllers/user.controller.ts
Outdated
Show resolved
Hide resolved
e5c5df7
to
0fe795f
Compare
6e27c66
to
a575d11
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@madaky Thank you for the update, the structure looks much better now 👍 I left a few comments. Especially #5589 (comment)
extensions/authentication-jwt/src/__tests__/fixtures/controllers/user.controller.ts
Show resolved
Hide resolved
extensions/authentication-jwt/src/__tests__/fixtures/controllers/user.controller.ts
Show resolved
Hide resolved
extensions/authentication-jwt/src/__tests__/unit/jwt.service.ts
Outdated
Show resolved
Hide resolved
1da2847
to
d05307b
Compare
c652b0f
to
c5be3f2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@madaky Awesome! The code and test part LGTM.
Could you also update the old docs before merging? Almost there.
1d99caf
to
cdcb04a
Compare
We just switch the contribution method from CLA to DCO, making your contribution easier in the future. Please sign the commits with DCO by amending your commit messages with
Please refer to this docs page for details. Thanks! |
a768352
to
8f7cd14
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@@ -28,7 +28,8 @@ | |||
"@loopback/service-proxy": "^2.3.7", | |||
"@types/bcryptjs": "2.4.2", | |||
"bcryptjs": "^2.4.3", | |||
"jsonwebtoken": "^8.5.1" | |||
"jsonwebtoken": "^8.5.1", | |||
"@loopback/context": "^3.8.1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use @loopback/core
instead.
@@ -142,4 +153,68 @@ export class UserController { | |||
async whoAmI(): Promise<string> { | |||
return this.user[securityId]; | |||
} | |||
// Routes using refreshtoken | |||
@post('/users/refresh/login', { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/users/refresh-token
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ya can it be like /user/refresh-token/login?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@madaky I think Raymond means remove the login
part, just use users/refresh-token
, cuz it doesn't do login, it returns tokens.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@raymondfeng I renamed it back to /users/refresh-login
, it's essentially a login function. I added doc to explain what it does.
export type RefreshGrant = { | ||
refreshToken: string; | ||
}; | ||
|
||
export const RefreshGrantSchema = { | ||
type: 'object', | ||
required: ['refreshToken'], | ||
properties: { | ||
refreshToken: { | ||
type: 'string', | ||
}, | ||
}, | ||
}; | ||
export const RefreshGrantRequestBody = { | ||
description: 'Reissuing Acess Token', | ||
required: true, | ||
content: { | ||
'application/json': {schema: RefreshGrantSchema}, | ||
}, | ||
}; | ||
|
||
export type TokenObject = { | ||
accessToken: string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we refactor types/interfaces to types.ts
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK @raymondfeng Thank you for your suggestion and guidance. I will fix it.
b26e888
to
79a3b40
Compare
* | ||
*/ | ||
refreshToken(refreshToken: string): Promise<TokenObject>; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: I would like to see descriptive tsdocs for exported types/interfaces/constants.
|
||
/* eslint-disable*/ | ||
import {User, UserRelations} from '../models'; | ||
/* eslint-enable */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For single-line disable, we can use // eslint-disable-next-line no-unused-vars
); | ||
export const DATASOURCE_NAME = 'refreshdb'; | ||
export const REFRESH_REPOSITORY = 'repositories.RefreshTokenRepository'; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
More tsdocs are welcome.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@raymondfeng I added the docs in the 3rd commit. PTAL
3f8e2e1
to
446d693
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
446d693
to
49a1d1b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Just spotted a few typos. Nice job. 👍
'authentication.jwt.refresh.secret', | ||
); | ||
export const REFRESH_EXPIRES_IN = BindingKey.create<string>( | ||
'authentication.jwt.referesh.expires.in.seconds', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo? Are instances of 'referesh' meant to be 'refresh'?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @dougal83 for spoting out typos.
/** | ||
* The default issure used when generating refresh token. | ||
*/ | ||
export const REFRESH_ISSURE_VALUE = 'loopback4'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo? 'ISSURE' > 'ISSUER'
*/ | ||
export const REFRESH_EXPIRES_IN_VALUE = '216000'; | ||
/** | ||
* The default issure used when generating refresh token. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo? issure > Issuer
feature refresh token implementation through Service chore(authentication-jwt): readme updated readme.md to use refresh token and extra configurations chore(context): readmemd refactor Apply suggestions from code review Co-authored-by: Diana Lau <[email protected]> feat: implemented awthentication-jwt refreshtoken services Signed-off-by: Madaky <[email protected]>
49a1d1b
to
fa8bf5d
Compare
Thank you @dougal83 Good catches! fixed. |
Merged 🎉 appreciate @madaky 's contribution and all the feedback again! |
feature refresh token implemented through i̶n̶t̶e̶r̶c̶e̶p̶t̶o̶r̶s̶ service
Implements #5187
See also #5046
Checklist
👉 Read and sign the CLA (Contributor License Agreement) 👈
npm test
passes on your machinepackages/cli
were updatedexamples/*
were updated👉 Check out how to submit a PR 👈