fix(oauth): fix private key error for OAuth tokens

2025-07-22 21:18:41 +00:00
parent cffba39844
commit 739e781cfb
5 changed files with 62 additions and 9 deletions
--- a/ts/bunq.classes.httpclient.ts
+++ b/ts/bunq.classes.httpclient.ts
@@ -10,12 +10,20 @@ export class BunqHttpClient {
  private crypto: BunqCrypto;
  private context: IBunqApiContext;
  private requestCounter: number = 0;
+  private isOAuthMode: boolean = false;

  constructor(crypto: BunqCrypto, context: IBunqApiContext) {
    this.crypto = crypto;
    this.context = context;
  }

+  /**
+   * Set OAuth mode
+   */
+  public setOAuthMode(isOAuth: boolean): void {
+    this.isOAuthMode = isOAuth;
+  }
+
  /**
   * Update the API context (used after getting session token)
   */
@@ -36,13 +44,20 @@ export class BunqHttpClient {
    const body = options.body ? JSON.stringify(options.body) : undefined;
    
    // Add signature if required
-    if (options.useSigning !== false && this.crypto.getPrivateKey()) {
-      headers['X-Bunq-Client-Signature'] = this.crypto.createSignatureHeader(
-        options.method,
-        options.endpoint,
-        headers,
-        body || ''
-      );
+    // Skip signing for OAuth tokens or if explicitly disabled
+    if (options.useSigning !== false && !this.isOAuthMode) {
+      try {
+        const privateKey = this.crypto.getPrivateKey();
+        headers['X-Bunq-Client-Signature'] = this.crypto.createSignatureHeader(
+          options.method,
+          options.endpoint,
+          headers,
+          body || ''
+        );
+      } catch (error) {
+        // If no private key is available (e.g., OAuth mode), skip signing
+        // This is expected for OAuth tokens
+      }
    }

    // Make the request
@@ -66,7 +81,8 @@ export class BunqHttpClient {
      const response = await plugins.smartrequest.request(url, requestOptions);
      
      // Verify response signature if we have server public key
-      if (this.context.serverPublicKey) {
+      // Skip verification for OAuth tokens as they don't have installation keys
+      if (this.context.serverPublicKey && !this.isOAuthMode) {
        // Convert headers to string-only format
        const stringHeaders: { [key: string]: string } = {};
        for (const [key, value] of Object.entries(response.headers)) {
--- a/ts/bunq.classes.session.ts
+++ b/ts/bunq.classes.session.ts
@@ -149,6 +149,8 @@ export class BunqSession {
      // OAuth tokens don't expire in the same way as regular sessions
      // Set a far future expiry time
      this.sessionExpiryTime = plugins.smarttime.TimeStamp.fromMilliSeconds(Date.now() + 365 * 24 * 60 * 60 * 1000);
+      // Also set OAuth mode on HTTP client
+      this.httpClient.setOAuthMode(true);
    }
  }