fix(oauth): correct OAuth implementation to match bunq documentation
This commit is contained in:
@@ -44,15 +44,6 @@ export class BunqApiContext {
|
||||
* Initialize the API context (installation, device, session)
|
||||
*/
|
||||
public async init(): Promise<void> {
|
||||
// If using OAuth token, skip session creation
|
||||
if (this.options.isOAuthToken) {
|
||||
// OAuth tokens already have an associated session
|
||||
this.context.sessionToken = this.options.apiKey;
|
||||
this.session = new BunqSession(this.crypto, this.context);
|
||||
this.session.setOAuthMode(true);
|
||||
return;
|
||||
}
|
||||
|
||||
// Try to load existing context
|
||||
const existingContext = await this.loadContext();
|
||||
|
||||
@@ -78,6 +69,11 @@ export class BunqApiContext {
|
||||
this.options.deviceDescription,
|
||||
this.options.permittedIps || []
|
||||
);
|
||||
|
||||
// Set OAuth mode if applicable (for session expiry handling)
|
||||
if (this.options.isOAuthToken) {
|
||||
this.session.setOAuthMode(true);
|
||||
}
|
||||
|
||||
// Save context
|
||||
await this.saveContext();
|
||||
@@ -135,11 +131,6 @@ export class BunqApiContext {
|
||||
* Refresh session if needed
|
||||
*/
|
||||
public async ensureValidSession(): Promise<void> {
|
||||
// OAuth tokens don't need session refresh
|
||||
if (this.options.isOAuthToken) {
|
||||
return;
|
||||
}
|
||||
|
||||
await this.session.refreshSession();
|
||||
await this.saveContext();
|
||||
}
|
||||
|
||||
@@ -10,20 +10,12 @@ export class BunqHttpClient {
|
||||
private crypto: BunqCrypto;
|
||||
private context: IBunqApiContext;
|
||||
private requestCounter: number = 0;
|
||||
private isOAuthMode: boolean = false;
|
||||
|
||||
constructor(crypto: BunqCrypto, context: IBunqApiContext) {
|
||||
this.crypto = crypto;
|
||||
this.context = context;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set OAuth mode
|
||||
*/
|
||||
public setOAuthMode(isOAuth: boolean): void {
|
||||
this.isOAuthMode = isOAuth;
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the API context (used after getting session token)
|
||||
*/
|
||||
@@ -44,20 +36,13 @@ export class BunqHttpClient {
|
||||
const body = options.body ? JSON.stringify(options.body) : undefined;
|
||||
|
||||
// Add signature if required
|
||||
// Skip signing for OAuth tokens or if explicitly disabled
|
||||
if (options.useSigning !== false && !this.isOAuthMode) {
|
||||
try {
|
||||
const privateKey = this.crypto.getPrivateKey();
|
||||
headers['X-Bunq-Client-Signature'] = this.crypto.createSignatureHeader(
|
||||
options.method,
|
||||
options.endpoint,
|
||||
headers,
|
||||
body || ''
|
||||
);
|
||||
} catch (error) {
|
||||
// If no private key is available (e.g., OAuth mode), skip signing
|
||||
// This is expected for OAuth tokens
|
||||
}
|
||||
if (options.useSigning !== false && this.crypto.getPrivateKey()) {
|
||||
headers['X-Bunq-Client-Signature'] = this.crypto.createSignatureHeader(
|
||||
options.method,
|
||||
options.endpoint,
|
||||
headers,
|
||||
body || ''
|
||||
);
|
||||
}
|
||||
|
||||
// Make the request
|
||||
@@ -81,8 +66,7 @@ export class BunqHttpClient {
|
||||
const response = await plugins.smartrequest.request(url, requestOptions);
|
||||
|
||||
// Verify response signature if we have server public key
|
||||
// Skip verification for OAuth tokens as they don't have installation keys
|
||||
if (this.context.serverPublicKey && !this.isOAuthMode) {
|
||||
if (this.context.serverPublicKey) {
|
||||
// Convert headers to string-only format
|
||||
const stringHeaders: { [key: string]: string } = {};
|
||||
for (const [key, value] of Object.entries(response.headers)) {
|
||||
|
||||
@@ -149,8 +149,6 @@ export class BunqSession {
|
||||
// OAuth tokens don't expire in the same way as regular sessions
|
||||
// Set a far future expiry time
|
||||
this.sessionExpiryTime = plugins.smarttime.TimeStamp.fromMilliSeconds(Date.now() + 365 * 24 * 60 * 60 * 1000);
|
||||
// Also set OAuth mode on HTTP client
|
||||
this.httpClient.setOAuthMode(true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -158,11 +156,6 @@ export class BunqSession {
|
||||
* Check if session is still valid
|
||||
*/
|
||||
public isSessionValid(): boolean {
|
||||
// OAuth tokens are always considered valid (they have their own expiry mechanism)
|
||||
if (this.isOAuthMode) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!this.sessionExpiryTime) {
|
||||
return false;
|
||||
}
|
||||
@@ -175,11 +168,6 @@ export class BunqSession {
|
||||
* Refresh the session if needed
|
||||
*/
|
||||
public async refreshSession(): Promise<void> {
|
||||
// OAuth tokens don't need session refresh
|
||||
if (this.isOAuthMode) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!this.isSessionValid()) {
|
||||
await this.createSession();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user