ionic-appauth
ionic-appauth copied to clipboard
AuthService.refreshToken send custom value?
Is it possible to send a custom value in the request body of AuthService.refreshToken() like this?
userId=08d9e6e1-748e-40c2-87d6-921f9729ad05& refresh_token=... grant_type=refresh_token& client_id=..
For now I ended up by extending the AuthService:
export class CustomAuthService extends AuthService implements IAuthService {
constructor(browser?: Browser, storage?: StorageBackend, requestor?: Requestor) {
super(browser, storage, requestor);
}
protected async requestTokenRefreshWithExtras(extras: StringMap) {
const _token = await this.token$
.pipe(take(1))
.toPromise();
if (!_token) {
throw new Error("No Token Defined!");
}
let requestJSON: TokenRequestJson = {
grant_type: GRANT_TYPE_REFRESH_TOKEN,
refresh_token: _token.refreshToken,
redirect_uri: this.authConfig.redirect_url,
client_id: this.authConfig.client_id,
extras: extras
};
let token: TokenResponse = await this.tokenHandler.performTokenRequest(await this.configuration, new TokenRequest(requestJSON));
await this.storage.setItem(TOKEN_RESPONSE_KEY, JSON.stringify(token.toJson()));
this.notifyActionListers(AuthActionBuilder.RefreshSuccess(token));
}
public async refreshTokenWithExtras(extras: StringMap) {
await this.requestTokenRefreshWithExtras(extras).catch((response) => {
this.storage.removeItem(TOKEN_RESPONSE_KEY);
this.notifyActionListers(AuthActionBuilder.RefreshFailed(response));
});
}
}
I wouldn't recommend this. Access and refresh tokens shouldn't contain identity information. In fact, the OAuth spec doesn't even require they be JWTs. They can just be a random string of characters that have no meaning.