fix: set correct access token when it expired (#1434)

* fix: set correct access token when it expired * chore: change access token dummy * chore: update typo * chore: revert * Update .changeset/fair-cows-repeat.md ---------
shopware · Nov 8, 2024 · 938c4cf · 938c4cf
1 parent 8551a70
commit 938c4cf
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 1 deletion.
diff --git a/.changeset/fair-cows-repeat.md b/.changeset/fair-cows-repeat.md
@@ -0,0 +1,5 @@
+---
+"@shopware/api-client": patch
+---
+
+set authentication header instead of appending, when session has expired and is being refreshed
diff --git a/packages/api-client/src/createAdminAPIClient.ts b/packages/api-client/src/createAdminAPIClient.ts
@@ -160,7 +160,7 @@ export function createAdminAPIClient<
 
             updateSessionData(context.response._data);
             // pass enhanced (Authorization) headers to the next request
-            options.headers.append(
+            options.headers.set(
               "Authorization",
               createAuthorizationHeader(sessionData.accessToken),
             );

diff --git a/packages/api-client/src/createAdminApiClient.test.ts b/packages/api-client/src/createAdminApiClient.test.ts
@@ -78,6 +78,68 @@ describe("createAdminAPIClient", () => {
     });
   });
 
+  it("should invoke /oauth/token request to refresh access token when it has expired", async () => {
+    const authEndpointSpy = vi.fn().mockImplementation(() => {});
+    const authHeaderSpy = vi.fn().mockImplementation(() => {});
+    const onAuthChangeSpy = vi.fn().mockImplementation(() => {});
+    const defaultHeadersSpy = vi.fn();
+    const app = createApp()
+      .use(
+        "/order",
+        eventHandler(async (event) => {
+          const headers = getHeaders(event);
+          authHeaderSpy(headers.authorization);
+          return {
+            orderResponse: 123,
+          };
+        }),
+      )
+      .use(
+        "/oauth/token",
+        eventHandler(async (event) => {
+          const body = await readBody(event);
+          authEndpointSpy(body);
+          return {
+            access_token: "client-session-access-token",
+            expires_in: 3600,
+          };
+        }),
+      );
+
+    const baseURL = await createPortAndGetUrl(app);
+
+    const client = createAdminAPIClient<operations>({
+      baseURL,
+      sessionData: {
+        accessToken: "Bearer old-access-token",
+        refreshToken: "my-refresh-token",
+        expirationTime: 0,
+      },
+    });
+    client.hook("onAuthChange", onAuthChangeSpy);
+    client.hook("onDefaultHeaderChanged", defaultHeadersSpy);
+    const res = await client.invoke("getOrderList get /order", {});
+    expect(authEndpointSpy).toHaveBeenCalledWith({
+      client_id: "administration",
+      grant_type: "refresh_token",
+      refresh_token: "my-refresh-token",
+    });
+    expect(authHeaderSpy).toHaveBeenCalledWith(
+      "Bearer client-session-access-token",
+    );
+    expect(res.data).toEqual({ orderResponse: 123 });
+
+    expect(onAuthChangeSpy).toBeCalledWith({
+      accessToken: "client-session-access-token",
+      expirationTime: expect.any(Number),
+      refreshToken: "",
+    });
+    expect(defaultHeadersSpy).toBeCalledWith(
+      "Authorization",
+      "Bearer client-session-access-token",
+    );
+  });
+
   it("should not invoke /oauth/token request before request if there's an active session", async () => {
     const authEndpointSpy = vi.fn().mockImplementation(() => {});
     const authHeaderSpy = vi.fn().mockImplementation(() => {});