add session refresh logic

chantastic · Jul 13, 2024 · 0d4435c · 0d4435c
1 parent 9496144
commit 0d4435c
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 4 deletions.
diff --git a/chan.dev/src/content/posts/authkit-astro.md b/chan.dev/src/content/posts/authkit-astro.md
@@ -449,7 +449,80 @@ try {
 export const prerender = false
 ---
 
-<h1>Hello {session.user.firstName} {session.user.lastName}!</h1>
+<h1>Hello {session.user.first_name} {session.user.last_name}!</h1>
 ```
 
 ---
+
+## Authomatically refresh session with session refreshToken
+
+```diff lang="astro" title="src/pages/dashboard.astro ins=/sealData, /
+---
+import {WorkOS} from '@workos-inc/node'
+import {createRemoteJWKSet, jwtVerify} from 'jose'
+
+import {sealData, unsealData} from 'iron-session'
+
+const cookie = Astro.cookies.get('wos-session')
+
+if (!cookie) {
+	return Astro.redirect('/sign-in')
+}
+
+const session = await unsealData(cookie.value, {
+	password: import.meta.env.WORKOS_COOKIE_PASSWORD,
+})
+
+const workos = new WorkOS(import.meta.env.WORKOS_API_KEY)
+
+const JWKS = createRemoteJWKSet(
+	new URL(
+		workos.userManagement.getJwksUrl(
+			import.meta.env.WORKOS_CLIENT_ID
+		)
+	)
+)
+
+let verifiedSession
+
+try {
+	verifiedSession = await jwtVerify(session.accessToken, JWKS)
+} catch (e) {
++	try {
++		const refreshedSession =
++			await workos.userManagement.authenticateWithRefreshToken({
++				clientId: import.meta.env.WORKOS_CLIENT_ID,
++				refreshToken: session.refreshToken,
++			})
++
++		const encryptedRefreshedSession = await sealData(
++			refreshedSession,
++			{
++				password: import.meta.env.WORKOS_COOKIE_PASSWORD,
++			}
++		)
++
++		Astro.cookies.set(
++			'wos-session',
++			encryptedRefreshedSession,
++			{
++				path: '/',
++				httpOnly: true,
++				secure: true,
++				sameSite: 'lax',
++			}
++		)
++	} catch (e) {
+		return Astro.redirect('/sign-in')
++	}
+}
+
+export const prerender = false
+---
+
+<h1>
+	Hello {session.user.last_name}!
+</h1>
+```
+
+## Extract auth check into framework middleware
diff --git a/chan.dev/src/pages/dashboard.astro b/chan.dev/src/pages/dashboard.astro
@@ -2,7 +2,7 @@
 import {WorkOS} from '@workos-inc/node'
 import {createRemoteJWKSet, jwtVerify} from 'jose'
 
-import {unsealData} from 'iron-session'
+import {sealData, unsealData} from 'iron-session'
 
 const cookie = Astro.cookies.get('wos-session')
 
@@ -29,10 +29,38 @@ let verifiedSession
 try {
 	verifiedSession = await jwtVerify(session.accessToken, JWKS)
 } catch (e) {
-	return Astro.redirect('/sign-in')
+	try {
+		const refreshedSession =
+			await workos.userManagement.authenticateWithRefreshToken({
+				clientId: import.meta.env.WORKOS_CLIENT_ID,
+				refreshToken: session.refreshToken,
+			})
+
+		const encryptedRefreshedSession = await sealData(
+			refreshedSession,
+			{
+				password: import.meta.env.WORKOS_COOKIE_PASSWORD,
+			}
+		)
+
+		Astro.cookies.set(
+			'wos-session',
+			encryptedRefreshedSession,
+			{
+				path: '/',
+				httpOnly: true,
+				secure: true,
+				sameSite: 'lax',
+			}
+		)
+	} catch (e) {
+		return Astro.redirect('/sign-in')
+	}
 }
 
 export const prerender = false
 ---
 
-<h1>Hello {session.user.firstName} {session.user.lastName}!</h1>
+<h1>
+	Hello {session.user.last_name}!
+</h1>