feat(auth): proactive token refresh (#14076)

* update isTokenExpired to include tolerance * add unit tests * update bundle sizes * tmp enable e2e * revert tmp changes * tmp enable e2e * correct spec name * revert tmp changes * use mock Date.now * add additional test for expiration time exactly equal to tolerance * move isTokenExpired to utils * update bundle size
aws-amplify · Dec 23, 2024 · b818753 · b818753
1 parent ca2e4b8
commit b818753
Show file tree

Hide file tree

Showing 7 changed files with 84 additions and 14 deletions.
diff --git a/.github/integ-config/integ-all.yml b/.github/integ-config/integ-all.yml
@@ -1011,3 +1011,12 @@ tests:
     browser: [chrome]
     env:
       NEXT_PUBLIC_BACKEND_CONFIG: pwl-webauthn
+  - test_name: integ_next_refresh_token_auth
+    desc: 'refresh token auth'
+    framework: next
+    category: auth
+    sample_name: [mfa]
+    spec: refresh-token-auth
+    browser: *minimal_browser_list
+    env:
+      NEXT_PUBLIC_BACKEND_CONFIG: misc-tokenref
diff --git a/packages/aws-amplify/package.json b/packages/aws-amplify/package.json
@@ -383,7 +383,7 @@
 			"name": "[Auth] confirmSignIn (Cognito)",
 			"path": "./dist/esm/auth/index.mjs",
 			"import": "{ confirmSignIn }",
-			"limit": "28.61 kB"
+			"limit": "28.62 kB"
 		},
 		{
 			"name": "[Auth] updateMFAPreference (Cognito)",

diff --git a/packages/core/__tests__/utils/isTokenExpired.test.ts b/packages/core/__tests__/utils/isTokenExpired.test.ts
@@ -0,0 +1,56 @@
+import { isTokenExpired } from '../../src/libraryUtils';
+
+describe('isTokenExpired', () => {
+	const mockDate = Date.now();
+	jest.spyOn(Date, 'now').mockImplementation(() => mockDate);
+
+	it('should return true when token is expired', () => {
+		const result = isTokenExpired({
+			expiresAt: Date.now() - 1,
+			clockDrift: 0,
+			tolerance: 0,
+		});
+
+		expect(result).toBe(true);
+	});
+
+	it('should return false when token is not expired', () => {
+		const result = isTokenExpired({
+			expiresAt: Date.now() + 1,
+			clockDrift: 0,
+			tolerance: 0,
+		});
+
+		expect(result).toBe(false);
+	});
+
+	it('should return false when expiration time is within tolerance', () => {
+		const result = isTokenExpired({
+			expiresAt: Date.now() + 5001, // more than 5 seconds remaining until expiration
+			clockDrift: 0,
+			tolerance: 5000,
+		});
+
+		expect(result).toBe(false);
+	});
+
+	it('should return true when expiration time is outside tolerance', () => {
+		const result = isTokenExpired({
+			expiresAt: Date.now() + 4999, // less than 5 seconds remaining until expiration
+			clockDrift: 0,
+			tolerance: 5000,
+		});
+
+		expect(result).toBe(true);
+	});
+
+	it('should return false when expiration time is equal to tolerance', () => {
+		const result = isTokenExpired({
+			expiresAt: Date.now() + 5000, // exactly 5 seconds remaining until expiration
+			clockDrift: 0,
+			tolerance: 5000,
+		});
+
+		expect(result).toBe(false);
+	});
+});
diff --git a/packages/core/src/libraryUtils.ts b/packages/core/src/libraryUtils.ts
@@ -11,6 +11,7 @@ export {
 	generateRandomString,
 	isBrowser,
 	isNonRetryableError,
+	isTokenExpired,
 	isWebWorker,
 	jitteredBackoff,
 	jitteredExponentialRetry,
@@ -38,7 +39,6 @@ export {
 	assertIdentityPoolIdConfig,
 	assertOAuthConfig,
 } from './singleton/Auth/utils';
-export { isTokenExpired } from './singleton/Auth';
 export {
 	AssociationBelongsTo,
 	AssociationHasMany,

diff --git a/packages/core/src/singleton/Auth/index.ts b/packages/core/src/singleton/Auth/index.ts
@@ -9,18 +9,6 @@ import {
 	LibraryAuthOptions,
 } from './types';
 
-export function isTokenExpired({
-	expiresAt,
-	clockDrift,
-}: {
-	expiresAt: number;
-	clockDrift: number;
-}): boolean {
-	const currentTime = Date.now();
-
-	return currentTime + clockDrift > expiresAt;
-}
-
 export class AuthClass {
 	private authConfig?: AuthConfig;
 	private authOptions?: LibraryAuthOptions;

diff --git a/packages/core/src/utils/index.ts b/packages/core/src/utils/index.ts
@@ -16,3 +16,4 @@ export { urlSafeDecode } from './urlSafeDecode';
 export { urlSafeEncode } from './urlSafeEncode';
 export { deepFreeze } from './deepFreeze';
 export { deDupeAsyncFunction } from './deDupeAsyncFunction';
+export { isTokenExpired } from './isTokenExpired';
diff --git a/packages/core/src/utils/isTokenExpired.ts b/packages/core/src/utils/isTokenExpired.ts
@@ -0,0 +1,16 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+export function isTokenExpired({
+	expiresAt,
+	clockDrift,
+	tolerance = 5000,
+}: {
+	expiresAt: number;
+	clockDrift: number;
+	tolerance?: number;
+}): boolean {
+	const currentTime = Date.now();
+
+	return currentTime + clockDrift + tolerance > expiresAt;
+}