in libs/@guardian/identity-auth/src/token.ts [683:730]
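// Handler for the window "message" event. It is declared outside the promise,
// presumably so that code after this excerpt can remove the listener again
// (the cleanup is not visible here).
let responseHandler: (
  e: MessageEvent<OAuthAuthorizeResponse | OAuthAuthorizeResponseError>,
) => void;
// Id of the timeout timer, kept in the outer scope so the timer can be cleared later.
let timeoutId: number;
// Settles with the first message whose `state` matches ours and whose origin
// is the issuer's. Rejects with `invalid_origin` when a message carries our
// state from another origin, or with `timeout` after `opts.oauthTimeout`.
const msgReceivedOrTimeout: Promise<
  OAuthAuthorizeResponse | OAuthAuthorizeResponseError
> = new Promise((resolve, reject) => {
  responseHandler = (e) => {
    // Any window holding a reference to this one can post a message here, so
    // the MessageEvent type parameter is not a runtime guarantee. Ignore
    // payloads that are not objects before reading a property from them;
    // `postMessage(null)` would otherwise throw inside this listener.
    const payload: unknown = e.data;
    if (typeof payload !== 'object' || payload === null) {
      return;
    }
    // Ignore messages that are not for this request, i.e. the state differs.
    if (e.data.state !== state) {
      return;
    }
    // The state matched, so the sender must be the issuer. The expected origin
    // is everything in the issuer URL before '/oauth2/'.
    // NOTE(review): this is a string comparison and assumes the issuer has the
    // form <origin>/oauth2/<...> with no explicit default port; confirm against
    // the configured issuers.
    if (e.origin !== opts.issuer.split('/oauth2/')[0]) {
      // A matching state from another origin ends the flow with an error
      // instead of being ignored.
      return reject(
        new OAuthError({
          error: 'invalid_origin',
          error_description: 'Invalid origin',
          message: 'The request does not originate from the issuer',
        }),
      );
    }
    // State and origin both match: hand the payload to the caller.
    return resolve(e.data);
  };
  // Listen for the authorize response on the window.
  window.addEventListener('message', responseHandler);
  // Start the timer that bounds how long we wait for the response.
  timeoutId = window.setTimeout(() => {
    // No acceptable message arrived in time.
    return reject(
      new OAuthError({
        error: 'timeout',
        error_description: 'Timeout',
        message: 'The oauth request timed out',
      }),
    );
  }, opts.oauthTimeout);
});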