async isValidCookie()

in server/auth/types/openid/openid_auth.ts [158:206]


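  /**
   * Decides whether an OpenID session cookie is still usable, renewing the ID token
   * through the refresh-token grant when the current one has expired.
   *
   * On a successful renewal `cookie.credentials` is replaced in place, so the caller
   * must persist the mutated cookie for the new token to take effect.
   *
   * @param cookie - session cookie to validate; mutated when the token is renewed.
   * @returns `true` when the cookie carries an unexpired (or freshly renewed) ID token,
   *   `false` in every other case, including any failure of the token endpoint call.
   */
  async isValidCookie(cookie: SecuritySessionCookie): Promise<boolean> {
    // Fail closed on a cookie issued by another auth type or missing any required field.
    // NOTE(review): expiryTime is only checked for presence here; confirm the caller
    // compares it against the clock.
    if (
      cookie.authType !== this.type ||
      !cookie.username ||
      !cookie.expiryTime ||
      !cookie.credentials?.authHeaderValue ||
      !cookie.credentials?.expires_at
    ) {
      return false;
    }
    if (cookie.credentials?.expires_at > Date.now()) {
      return true;
    }

    // The ID token is expired; without a refresh token there is nothing to renew it with.
    const currentRefreshToken = cookie.credentials.refresh_token;
    if (!currentRefreshToken) {
      return false;
    }

    try {
      const query: any = {
        grant_type: 'refresh_token',
        client_id: this.config.openid?.client_id,
        client_secret: this.config.openid?.client_secret,
        refresh_token: currentRefreshToken,
      };
      const refreshTokenResponse = await callTokenEndpoint(
        this.openIdAuthConfig.tokenEndpoint!,
        query,
        this.wreckClient
      );

      // No id_token in the refresh response: the IdP may not allow refreshing ID tokens.
      if (!refreshTokenResponse.idToken) {
        return false;
      }

      // A missing or non-numeric lifetime would store NaN as expires_at, which the
      // presence check above rejects on the next request. Reject it now instead of
      // accepting a token whose expiry cannot be tracked.
      const lifetimeSeconds = Number(refreshTokenResponse.expiresIn);
      if (!Number.isFinite(lifetimeSeconds)) {
        this.logger.error('OpenID token refresh response did not include a usable expires_in');
        return false;
      }

      cookie.credentials = {
        authHeaderValue: `Bearer ${refreshTokenResponse.idToken}`,
        // The IdP may omit refresh_token when it does not rotate it (RFC 6749, section 6);
        // keep the current one so the session can still be renewed later.
        refresh_token: refreshTokenResponse.refreshToken || currentRefreshToken,
        expires_at: Date.now() + lifetimeSeconds * 1000, // expiresIn is in seconds
      };
      return true;
    } catch (error) {
      // NOTE(review): confirm that errors from the token endpoint cannot carry token or
      // client-secret material into the log.
      this.logger.error(error);
      return false;
    }
  }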