diff --git a/.changeset/fair-cows-repeat.md b/.changeset/fair-cows-repeat.md new file mode 100644 index 000000000..5df2b0460 --- /dev/null +++ b/.changeset/fair-cows-repeat.md @@ -0,0 +1,5 @@ +--- +"@shopware/api-client": patch +--- + +set authentication header instead of appending, when session has expired and is being refreshed diff --git a/packages/api-client/src/createAdminAPIClient.ts b/packages/api-client/src/createAdminAPIClient.ts index 660775524..483fcfcff 100644 --- a/packages/api-client/src/createAdminAPIClient.ts +++ b/packages/api-client/src/createAdminAPIClient.ts @@ -160,7 +160,7 @@ export function createAdminAPIClient< updateSessionData(context.response._data); // pass enhanced (Authorization) headers to the next request - options.headers.append( + options.headers.set( "Authorization", createAuthorizationHeader(sessionData.accessToken), ); diff --git a/packages/api-client/src/createAdminApiClient.test.ts b/packages/api-client/src/createAdminApiClient.test.ts index dba871e18..7c6cb0780 100644 --- a/packages/api-client/src/createAdminApiClient.test.ts +++ b/packages/api-client/src/createAdminApiClient.test.ts @@ -78,6 +78,68 @@ describe("createAdminAPIClient", () => { }); }); + it("should invoke /oauth/token request to refresh access token when it has expired", async () => { + const authEndpointSpy = vi.fn().mockImplementation(() => {}); + const authHeaderSpy = vi.fn().mockImplementation(() => {}); + const onAuthChangeSpy = vi.fn().mockImplementation(() => {}); + const defaultHeadersSpy = vi.fn(); + const app = createApp() + .use( + "/order", + eventHandler(async (event) => { + const headers = getHeaders(event); + authHeaderSpy(headers.authorization); + return { + orderResponse: 123, + }; + }), + ) + .use( + "/oauth/token", + eventHandler(async (event) => { + const body = await readBody(event); + authEndpointSpy(body); + return { + access_token: "client-session-access-token", + expires_in: 3600, + }; + }), + ); + + const baseURL = await createPortAndGetUrl(app); + + const client = createAdminAPIClient({ + baseURL, + sessionData: { + accessToken: "Bearer old-access-token", + refreshToken: "my-refresh-token", + expirationTime: 0, + }, + }); + client.hook("onAuthChange", onAuthChangeSpy); + client.hook("onDefaultHeaderChanged", defaultHeadersSpy); + const res = await client.invoke("getOrderList get /order", {}); + expect(authEndpointSpy).toHaveBeenCalledWith({ + client_id: "administration", + grant_type: "refresh_token", + refresh_token: "my-refresh-token", + }); + expect(authHeaderSpy).toHaveBeenCalledWith( + "Bearer client-session-access-token", + ); + expect(res.data).toEqual({ orderResponse: 123 }); + + expect(onAuthChangeSpy).toBeCalledWith({ + accessToken: "client-session-access-token", + expirationTime: expect.any(Number), + refreshToken: "", + }); + expect(defaultHeadersSpy).toBeCalledWith( + "Authorization", + "Bearer client-session-access-token", + ); + }); + it("should not invoke /oauth/token request before request if there's an active session", async () => { const authEndpointSpy = vi.fn().mockImplementation(() => {}); const authHeaderSpy = vi.fn().mockImplementation(() => {});